[jira] [Commented] (QPID-8124) [Broker-J][REST] Sucessfully authenticated user is reported as <> in ACL operational logs when checking access to management
[ https://issues.apache.org/jira/browse/QPID-8124?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16406645#comment-16406645 ] ASF subversion and git services commented on QPID-8124: --- Commit b5d67e003d0cbe71915734e7fa9a3ffb731e9049 in qpid-broker-j's branch refs/heads/7.0.x from [~alex.rufous] [ https://git-wip-us.apache.org/repos/asf?p=qpid-broker-j.git;h=b5d67e0 ] QPID-8124: [Broker-J] Fix ACL logging on checking web management console access after REST SASL authentication > [Broker-J][REST] Sucessfully authenticated user is reported as <> in > ACL operational logs when checking access to management > - > > Key: QPID-8124 > URL: https://issues.apache.org/jira/browse/QPID-8124 > Project: Qpid > Issue Type: Bug > Components: Broker-J >Affects Versions: qpid-java-broker-7.0.2, qpid-java-broker-7.0.0, > qpid-java-broker-7.0.1 >Reporter: Alex Rudyy >Assignee: Alex Rudyy >Priority: Major > Fix For: qpid-java-broker-7.0.3 > > > When user is successfully authenticated, the user information in operational > log for checking management access is reported as <> for both > Allowed and Denied outcomes: > {noformat} > INFO [qtp1675859208-228] (q.m.a.denied) - <> ACL-1002 : Denied : > Access Management > INFO [qtp1675859208-64] (q.m.a.allowed) - <> ACL-1001 : Allowed : > Access Management > INFO [qtp1675859208-64] (q.m.m.open) - > [mng:nyXoe7Io(admin@/127.0.0.1:45666)] MNG-1007 : Open : User admin > {noformat} > As result, it is impossible to identify the principal name of authenticated > user in operational log when access is denied. > Thought, it is possible to get the principal name for "allowed" outcome by > looking into the following logs from the same thread, it would be beneficial > to print the real principal information in the log for Allowed outcome. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org For additional commands, e-mail: dev-h...@qpid.apache.org
[jira] [Commented] (QPID-8124) [Broker-J][REST] Sucessfully authenticated user is reported as <> in ACL operational logs when checking access to management
[ https://issues.apache.org/jira/browse/QPID-8124?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16406639#comment-16406639 ] Keith Wall commented on QPID-8124: -- Changes look reasonable to me. Verified both the interactive and preemptive authentication paths. > [Broker-J][REST] Sucessfully authenticated user is reported as <> in > ACL operational logs when checking access to management > - > > Key: QPID-8124 > URL: https://issues.apache.org/jira/browse/QPID-8124 > Project: Qpid > Issue Type: Bug > Components: Broker-J >Affects Versions: qpid-java-broker-7.0.2, qpid-java-broker-7.0.0, > qpid-java-broker-7.0.1 >Reporter: Alex Rudyy >Assignee: Alex Rudyy >Priority: Major > Fix For: qpid-java-broker-7.0.3 > > > When user is successfully authenticated, the user information in operational > log for checking management access is reported as <> for both > Allowed and Denied outcomes: > {noformat} > INFO [qtp1675859208-228] (q.m.a.denied) - <> ACL-1002 : Denied : > Access Management > INFO [qtp1675859208-64] (q.m.a.allowed) - <> ACL-1001 : Allowed : > Access Management > INFO [qtp1675859208-64] (q.m.m.open) - > [mng:nyXoe7Io(admin@/127.0.0.1:45666)] MNG-1007 : Open : User admin > {noformat} > As result, it is impossible to identify the principal name of authenticated > user in operational log when access is denied. > Thought, it is possible to get the principal name for "allowed" outcome by > looking into the following logs from the same thread, it would be beneficial > to print the real principal information in the log for Allowed outcome. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org For additional commands, e-mail: dev-h...@qpid.apache.org
[jira] [Commented] (QPID-8124) [Broker-J][REST] Sucessfully authenticated user is reported as <> in ACL operational logs when checking access to management
[ https://issues.apache.org/jira/browse/QPID-8124?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16406445#comment-16406445 ] ASF subversion and git services commented on QPID-8124: --- Commit 957f7eda039eb165aa2f75ab5f3afddbaefac87e in qpid-broker-j's branch refs/heads/master from [~alex.rufous] [ https://git-wip-us.apache.org/repos/asf?p=qpid-broker-j.git;h=957f7ed ] QPID-8124: [Broker-J] Fix ACL logging on checking web management console access after REST SASL authentication > [Broker-J][REST] Sucessfully authenticated user is reported as <> in > ACL operational logs when checking access to management > - > > Key: QPID-8124 > URL: https://issues.apache.org/jira/browse/QPID-8124 > Project: Qpid > Issue Type: Bug > Components: Broker-J >Affects Versions: qpid-java-broker-7.0.2, qpid-java-broker-7.0.0, > qpid-java-broker-7.0.1 >Reporter: Alex Rudyy >Assignee: Alex Rudyy >Priority: Major > Fix For: qpid-java-broker-7.0.3 > > > When user is successfully authenticated, the user information in operational > log for checking management access is reported as <> for both > Allowed and Denied outcomes: > {noformat} > INFO [qtp1675859208-228] (q.m.a.denied) - <> ACL-1002 : Denied : > Access Management > INFO [qtp1675859208-64] (q.m.a.allowed) - <> ACL-1001 : Allowed : > Access Management > INFO [qtp1675859208-64] (q.m.m.open) - > [mng:nyXoe7Io(admin@/127.0.0.1:45666)] MNG-1007 : Open : User admin > {noformat} > As result, it is impossible to identify the principal name of authenticated > user in operational log when access is denied. > Thought, it is possible to get the principal name for "allowed" outcome by > looking into the following logs from the same thread, it would be beneficial > to print the real principal information in the log for Allowed outcome. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org For additional commands, e-mail: dev-h...@qpid.apache.org
[jira] [Commented] (QPID-8124) [Broker-J][REST] Sucessfully authenticated user is reported as <> in ACL operational logs when checking access to management
[ https://issues.apache.org/jira/browse/QPID-8124?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16395323#comment-16395323 ] Alex Rudyy commented on QPID-8124: -- Perhaps, we can provide the details of all user principal when outcome is Denied either in operational log itself or in additional debug level logs > [Broker-J][REST] Sucessfully authenticated user is reported as <> in > ACL operational logs when checking access to management > - > > Key: QPID-8124 > URL: https://issues.apache.org/jira/browse/QPID-8124 > Project: Qpid > Issue Type: Bug > Components: Broker-J >Affects Versions: qpid-java-broker-7.0.2, qpid-java-broker-7.0.0, > qpid-java-broker-7.0.1 >Reporter: Alex Rudyy >Priority: Major > > When user is successfully authenticated, the user information in operational > log for checking management access is reported as <> for both > Allowed and Denied outcomes: > {noformat} > INFO [qtp1675859208-228] (q.m.a.denied) - <> ACL-1002 : Denied : > Access Management > INFO [qtp1675859208-64] (q.m.a.allowed) - <> ACL-1001 : Allowed : > Access Management > INFO [qtp1675859208-64] (q.m.m.open) - > [mng:nyXoe7Io(admin@/127.0.0.1:45666)] MNG-1007 : Open : User admin > {noformat} > As result, it is impossible to identify the principal name of authenticated > user in operational log when access is denied. > Thought, it is possible to get the principal name for "allowed" outcome by > looking into the following logs from the same thread, it would be beneficial > to print the real principal information in the log for Allowed outcome. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org For additional commands, e-mail: dev-h...@qpid.apache.org