activemq-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Lionel Cons (JIRA)" <j...@apache.org>
Subject [jira] [Created] (APLO-84) Log more information in case of authorization failures
Date Mon, 29 Aug 2011 07:47:38 GMT
Log more information in case of authorization failures
------------------------------------------------------

                 Key: APLO-84
                 URL: https://issues.apache.org/jira/browse/APLO-84
             Project: ActiveMQ Apollo
          Issue Type: Improvement
            Reporter: Lionel Cons


In case of failed plain text connection, we get:

 2011-08-29 09:21:26,936 connected: local:/192.168.183.22:6123, remote:/192.168.208.50:44390
 2011-08-29 09:21:26,947 STOMP connection '/192.168.208.50:44390' error: Connect not authorized.
Username=monitor
 2011-08-29 09:21:26,951 disconnected: local:/192.168.183.22:6123, remote:/192.168.208.50:44390

But in case of failed X.509 connection, we only get:

 2011-08-29 09:21:42,961 connected: local:/192.168.183.22:6133, remote:/192.168.208.50:33530
 2011-08-29 09:21:43,009 STOMP connection '/192.168.208.50:33530' error: Connect not authorized.
 2011-08-29 09:21:43,011 disconnected: local:/192.168.183.22:6133, remote:/192.168.208.50:33530

Would it be possible to also log the DN that failed to authenticate?

More generally, in case of authorization failure, we get minimal
information:

 2011-08-29 09:36:42,061 connected: local:/192.168.183.22:6133, remote:/192.168.208.50:49343
 2011-08-29 09:36:42,214 STOMP connection '/192.168.208.50:49343' error: Not authorized to
receive from the destination.
 2011-08-29 09:36:42,217 disconnected: local:/192.168.183.22:6133, remote:/192.168.208.50:49343

Would it be possible to log more and include the identity (ideally, a
list of pairs of principal kind + value) and the destination (probably
as a pair of kind + name)?

This extra information would greatly help creating and testing authorization rules as per
APLO-56...

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message