activemq-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hiram Chirino (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (APLO-84) Log more information in case of authorization failures
Date Mon, 29 Aug 2011 11:59:37 GMT

     [ https://issues.apache.org/jira/browse/APLO-84?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Hiram Chirino updated APLO-84:
------------------------------

      Component/s: apollo-stomp
                   apollo-broker
    Fix Version/s: 1.0
         Assignee: Hiram Chirino

Totally agree.

> Log more information in case of authorization failures
> ------------------------------------------------------
>
>                 Key: APLO-84
>                 URL: https://issues.apache.org/jira/browse/APLO-84
>             Project: ActiveMQ Apollo
>          Issue Type: Improvement
>          Components: apollo-broker, apollo-stomp
>            Reporter: Lionel Cons
>            Assignee: Hiram Chirino
>             Fix For: 1.0
>
>
> In case of failed plain text connection, we get:
>  2011-08-29 09:21:26,936 connected: local:/192.168.183.22:6123, remote:/192.168.208.50:44390
>  2011-08-29 09:21:26,947 STOMP connection '/192.168.208.50:44390' error: Connect not
authorized. Username=monitor
>  2011-08-29 09:21:26,951 disconnected: local:/192.168.183.22:6123, remote:/192.168.208.50:44390
> But in case of failed X.509 connection, we only get:
>  2011-08-29 09:21:42,961 connected: local:/192.168.183.22:6133, remote:/192.168.208.50:33530
>  2011-08-29 09:21:43,009 STOMP connection '/192.168.208.50:33530' error: Connect not
authorized.
>  2011-08-29 09:21:43,011 disconnected: local:/192.168.183.22:6133, remote:/192.168.208.50:33530
> Would it be possible to also log the DN that failed to authenticate?
> More generally, in case of authorization failure, we get minimal
> information:
>  2011-08-29 09:36:42,061 connected: local:/192.168.183.22:6133, remote:/192.168.208.50:49343
>  2011-08-29 09:36:42,214 STOMP connection '/192.168.208.50:49343' error: Not authorized
to receive from the destination.
>  2011-08-29 09:36:42,217 disconnected: local:/192.168.183.22:6133, remote:/192.168.208.50:49343
> Would it be possible to log more and include the identity (ideally, a
> list of pairs of principal kind + value) and the destination (probably
> as a pair of kind + name)?
> This extra information would greatly help creating and testing authorization rules as
per APLO-56...

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message