[ambari] branch branch-2.7 updated: AMBARI-25234 - Ambari audit log shows "null" user when executing an API call as admin (#2925)

Thu, 11 Apr 2019 21:52:44 -0700 

This is an automated email from the ASF dual-hosted git repository.

krisztiankasa pushed a commit to branch branch-2.7
in repository https://gitbox.apache.org/repos/asf/ambari.git


The following commit(s) were added to refs/heads/branch-2.7 by this push:
     new adc9d02  AMBARI-25234 - Ambari audit log shows "null" user when 
executing an API call as admin (#2925)
adc9d02 is described below

commit adc9d02ebef3ecf48618b8bf3e1d9a39d9c7c3ab
Author: kasakrisz <33458261+kasakr...@users.noreply.github.com>
AuthorDate: Fri Apr 12 06:52:17 2019 +0200

    AMBARI-25234 - Ambari audit log shows "null" user when executing an API 
call as admin (#2925)
---
 .../AmbariAuthenticationEventHandlerImpl.java              | 14 --------------
 1 file changed, 14 deletions(-)

diff --git 
a/ambari-server/src/main/java/org/apache/ambari/server/security/authentication/AmbariAuthenticationEventHandlerImpl.java
 
b/ambari-server/src/main/java/org/apache/ambari/server/security/authentication/AmbariAuthenticationEventHandlerImpl.java
index 5deb995..42cc835 100644
--- 
a/ambari-server/src/main/java/org/apache/ambari/server/security/authentication/AmbariAuthenticationEventHandlerImpl.java
+++ 
b/ambari-server/src/main/java/org/apache/ambari/server/security/authentication/AmbariAuthenticationEventHandlerImpl.java
@@ -153,19 +153,5 @@ public class AmbariAuthenticationEventHandlerImpl 
implements AmbariAuthenticatio
 
   @Override
   public void beforeAttemptAuthentication(AmbariAuthenticationFilter filter, 
ServletRequest servletRequest, ServletResponse servletResponse) {
-    HttpServletRequest httpServletRequest = (HttpServletRequest) 
servletRequest;
-
-    // Using the Ambari audit logger, log this event (if enabled)
-    if (auditLogger.isEnabled() && filter.shouldApply(httpServletRequest) && 
(AuthorizationHelper.getAuthenticatedName() == null)) {
-      AuditEvent loginFailedAuditEvent = LoginAuditEvent.builder()
-          .withRemoteIp(RequestUtils.getRemoteAddress(httpServletRequest))
-          .withTimestamp(System.currentTimeMillis())
-          .withReasonOfFailure("Authentication required")
-          .withUserName(null)
-          .withProxyUserName(null)
-          .build();
-      auditLogger.log(loginFailedAuditEvent);
-    }
-
   }
 }

Reply via email to