Return-Path: X-Original-To: apmail-cassandra-commits-archive@www.apache.org Delivered-To: apmail-cassandra-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 929D0DC16 for ; Mon, 8 Oct 2012 15:44:04 +0000 (UTC) Received: (qmail 67990 invoked by uid 500); 8 Oct 2012 15:44:03 -0000 Delivered-To: apmail-cassandra-commits-archive@cassandra.apache.org Received: (qmail 67942 invoked by uid 500); 8 Oct 2012 15:44:03 -0000 Mailing-List: contact commits-help@cassandra.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cassandra.apache.org Delivered-To: mailing list commits@cassandra.apache.org Received: (qmail 67859 invoked by uid 99); 8 Oct 2012 15:44:03 -0000 Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 08 Oct 2012 15:44:03 +0000 Date: Mon, 8 Oct 2012 15:44:03 +0000 (UTC) From: "Jonathan Ellis (JIRA)" To: commits@cassandra.apache.org Message-ID: <929301996.8943.1349711043366.JavaMail.jiratomcat@arcas> In-Reply-To: <713117217.60235.1302859745809.JavaMail.tomcat@hel.zones.apache.org> Subject: [jira] [Updated] (CASSANDRA-2485) improve authentication log MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/CASSANDRA-2485?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jonathan Ellis updated CASSANDRA-2485: -------------------------------------- Reviewer: yukim > improve authentication log > -------------------------- > > Key: CASSANDRA-2485 > URL: https://issues.apache.org/jira/browse/CASSANDRA-2485 > Project: Cassandra > Issue Type: Improvement > Components: Core > Affects Versions: 0.7.4 > Environment: linux > Reporter: Shotaro Kamio > Assignee: Dave Brosius > Fix For: 1.2.0 beta 2 > > Attachments: 2485.txt > > > Cassandra should have better authentication log when authenticator is used. At least in login failure, the log should contain login failure message and its reason. > What we have now is DEBUG log in org.apache.cassandra.service.ClientState. > I think there are 5 cases to be logged: > 1. Login failure (No credential is given) > 2. Login failure (Unknown user) > 3. Login failure (Valid user, but wrong password) > 4. Invalid request (Valid user, but no permission for the operation) > 5. Login success > Followings are current logs and problems. > 1. Login failure (No credential is given) > Client will get InvalidRequestException in this case. But log on cassandra server is just as follows: > DEBUG [pool-1-thread-1] 2011-04-15 17:59:40,094 ClientState.java (line 91) logged out: null > It must be useful if it contains login failure and its reason. > 2. Login failure (Unknown user) > I'm not sure what client receives in this case. (pycassa raises AllServersUnavailable exception.) > The server log shows ERROR as follows. But I think that it is ERROR for client, but not for server. The server log should be INFO or WARNING with some detail. > ERROR [pool-1-thread-3] 2011-04-15 18:00:18,236 Cassandra.java (line 2583) Internal error processing login > java.lang.RuntimeException: Unexpected authentication problem > at org.apache.cassandra.auth.SimpleAuthenticator.authenticate(SimpleAuthenticator.java:125) > at org.apache.cassandra.service.ClientState.login(ClientState.java:82) > at org.apache.cassandra.thrift.CassandraServer.login(CassandraServer.java:609) > at org.apache.cassandra.thrift.Cassandra$Processor$login.process(Cassandra.java:2577) > at org.apache.cassandra.thrift.Cassandra$Processor.process(Cassandra.java:2555) > at org.apache.cassandra.thrift.CustomTThreadPoolServer$WorkerProcess.run(CustomTThreadPoolServer.java:206) > at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) > at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) > at java.lang.Thread.run(Thread.java:662) > Caused by: AuthenticationException(why:Given password in password mode PLAIN could not be validated for user jsmith22) > at org.apache.cassandra.auth.SimpleAuthenticator.authenticate(SimpleAuthenticator.java:106) > ... 8 more > DEBUG [pool-1-thread-2] 2011-04-15 18:00:18,238 ClientState.java (line 91) logged out: null > 3. Login failure (Valid user, but wrong password) > Client gets AuthenticationException. But server doesn't have any informative log. Just says "logged out". This log should be INFO or WARNING with user name for debug purpose. > DEBUG [pool-1-thread-4] 2011-04-15 18:04:02,169 ClientState.java (line 91) logged out: null > 4. Invalid request (Valid user, but no permission for the operation) > The log is the same with the login success case below. Cassandra should logs about no permission with INFO or WARN level. > DEBUG [pool-1-thread-3] 2011-04-15 18:11:31,350 ClientState.java (line 84) logged in: # > DEBUG [pool-1-thread-3] 2011-04-15 18:11:31,397 ClientState.java (line 91) logged out: # > 5. Login success (valid user and password) > This log is ok because we can choose DEBUG level if we want to log all the success logins. > DEBUG [pool-1-thread-4] 2011-04-15 18:14:09,451 ClientState.java (line 84) logged in: # > DEBUG [pool-1-thread-4] 2011-04-15 18:14:09,494 ClientState.java (line 91) logged out: # -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira