accumulo-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From els...@apache.org
Subject [4/5] git commit: ACCUMULO-3049 Add authenticate to AuditedSecurityOperation
Date Wed, 06 Aug 2014 22:26:54 GMT
ACCUMULO-3049 Add authenticate to AuditedSecurityOperation

When a client authenticates with Accumulo, the information
is presently not included in the audit log. We should definitely
know when a client is authenticating against the system.


Project: http://git-wip-us.apache.org/repos/asf/accumulo/repo
Commit: http://git-wip-us.apache.org/repos/asf/accumulo/commit/66594dbc
Tree: http://git-wip-us.apache.org/repos/asf/accumulo/tree/66594dbc
Diff: http://git-wip-us.apache.org/repos/asf/accumulo/diff/66594dbc

Branch: refs/heads/master
Commit: 66594dbc2da9b25830900fcf01ac099838a0013a
Parents: 81a77e1
Author: Josh Elser <elserj@apache.org>
Authored: Wed Aug 6 14:54:54 2014 -0400
Committer: Josh Elser <elserj@apache.org>
Committed: Wed Aug 6 18:17:50 2014 -0400

----------------------------------------------------------------------
 .../server/security/AuditedSecurityOperation.java     | 14 ++++++++++++++
 .../accumulo/server/security/SecurityOperation.java   |  2 +-
 2 files changed, 15 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/accumulo/blob/66594dbc/server/base/src/main/java/org/apache/accumulo/server/security/AuditedSecurityOperation.java
----------------------------------------------------------------------
diff --git a/server/base/src/main/java/org/apache/accumulo/server/security/AuditedSecurityOperation.java
b/server/base/src/main/java/org/apache/accumulo/server/security/AuditedSecurityOperation.java
index d55382d..e37d4a2 100644
--- a/server/base/src/main/java/org/apache/accumulo/server/security/AuditedSecurityOperation.java
+++ b/server/base/src/main/java/org/apache/accumulo/server/security/AuditedSecurityOperation.java
@@ -434,4 +434,18 @@ public class AuditedSecurityOperation extends SecurityOperation {
       throw ex;
     }
   }
+
+  // The audit log is already logging the principal, so we don't have anything else to audit
+  public static final String AUTHENICATE_AUDIT_TEMPLATE =  "";
+
+  @Override
+  protected void authenticate(TCredentials credentials) throws ThriftSecurityException {
+    try {
+      super.authenticate(credentials);
+      audit(credentials, true, AUTHENICATE_AUDIT_TEMPLATE);
+    } catch (ThriftSecurityException e) {
+      audit(credentials, false, AUTHENICATE_AUDIT_TEMPLATE);
+      throw e;
+    }
+  }
 }

http://git-wip-us.apache.org/repos/asf/accumulo/blob/66594dbc/server/base/src/main/java/org/apache/accumulo/server/security/SecurityOperation.java
----------------------------------------------------------------------
diff --git a/server/base/src/main/java/org/apache/accumulo/server/security/SecurityOperation.java
b/server/base/src/main/java/org/apache/accumulo/server/security/SecurityOperation.java
index d61dd30..d0e6aea 100644
--- a/server/base/src/main/java/org/apache/accumulo/server/security/SecurityOperation.java
+++ b/server/base/src/main/java/org/apache/accumulo/server/security/SecurityOperation.java
@@ -149,7 +149,7 @@ public class SecurityOperation {
     return SystemCredentials.get().getToken().getClass().getName().equals(credentials.getTokenClassName());
   }
 
-  private void authenticate(TCredentials credentials) throws ThriftSecurityException {
+  protected void authenticate(TCredentials credentials) throws ThriftSecurityException {
     if (!credentials.getInstanceId().equals(HdfsZooInstance.getInstance().getInstanceID()))
       throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.INVALID_INSTANCEID);
 


Mime
View raw message