ACCUMULO-3049 Add authenticate to AuditedSecurityOperation When a client authenticates with Accumulo, the information is presently not included in the audit log. We should definitely know when a client is authenticating against the system.
Project: http://git-wip-us.apache.org/repos/asf/accumulo/repo Commit: http://git-wip-us.apache.org/repos/asf/accumulo/commit/66594dbc Tree: http://git-wip-us.apache.org/repos/asf/accumulo/tree/66594dbc Diff: http://git-wip-us.apache.org/repos/asf/accumulo/diff/66594dbc Branch: refs/heads/master Commit: 66594dbc2da9b25830900fcf01ac099838a0013a Parents: 81a77e1 Author: Josh Elser <els...@apache.org> Authored: Wed Aug 6 14:54:54 2014 -0400 Committer: Josh Elser <els...@apache.org> Committed: Wed Aug 6 18:17:50 2014 -0400 ---------------------------------------------------------------------- .../server/security/AuditedSecurityOperation.java | 14 ++++++++++++++ .../accumulo/server/security/SecurityOperation.java | 2 +- 2 files changed, 15 insertions(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/accumulo/blob/66594dbc/server/base/src/main/java/org/apache/accumulo/server/security/AuditedSecurityOperation.java ----------------------------------------------------------------------
diff --git a/server/base/src/main/java/org/apache/accumulo/server/security/AuditedSecurityOperation.java b/server/base/src/main/java/org/apache/accumulo/server/security/AuditedSecurityOperation.java
index d55382d..e37d4a2 100644
--- a/server/base/src/main/java/org/apache/accumulo/server/security/AuditedSecurityOperation.java
+++ b/server/base/src/main/java/org/apache/accumulo/server/security/AuditedSecurityOperation.java
@@ -434,4 +434,18 @@ public class AuditedSecurityOperation extends SecurityOperation {
 throw ex;
 }
 }
+
+ // The audit log is already logging the principal, so we don't have anything else to audit
+ public static final String AUTHENICATE_AUDIT_TEMPLATE = "";
+
+ @Override
+ protected void authenticate(TCredentials credentials) throws ThriftSecurityException {
+ try {
+ super.authenticate(credentials);
+ audit(credentials, true, AUTHENICATE_AUDIT_TEMPLATE);
+ } catch (ThriftSecurityException e) {
+ audit(credentials, false, AUTHENICATE_AUDIT_TEMPLATE);
+ throw e;
+ }
+ }
 }
http://git-wip-us.apache.org/repos/asf/accumulo/blob/66594dbc/server/base/src/main/java/org/apache/accumulo/server/security/SecurityOperation.java ----------------------------------------------------------------------
diff --git a/server/base/src/main/java/org/apache/accumulo/server/security/SecurityOperation.java b/server/base/src/main/java/org/apache/accumulo/server/security/SecurityOperation.java
index d61dd30..d0e6aea 100644
--- a/server/base/src/main/java/org/apache/accumulo/server/security/SecurityOperation.java
+++ b/server/base/src/main/java/org/apache/accumulo/server/security/SecurityOperation.java
@@ -149,7 +149,7 @@ public class SecurityOperation {
 return SystemCredentials.get().getToken().getClass().getName().equals(credentials.getTokenClassName());
 }
- private void authenticate(TCredentials credentials) throws ThriftSecurityException {
+ protected void authenticate(TCredentials credentials) throws ThriftSecurityException {
 if (!credentials.getInstanceId().equals(HdfsZooInstance.getInstance().getInstanceID())) throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.INVALID_INSTANCEID);
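Review bot: The failure branch of the new `authenticate` override calls `audit(credentials, false, AUTHENICATE_AUDIT_TEMPLATE)` with an empty template and discards `e`, so a rejected login is recorded without the reason it was rejected and, unless `audit` (defined outside this hunk) adds one, without any label marking the entry as an authentication event. For anyone triaging the audit log, a wrong password and a mismatched instance id (`SecurityErrorCode.INVALID_INSTANCEID` in `SecurityOperation.authenticate`) would then look identical. Consider a template that names the action, for example `"action: authenticate;"`, and include `e.getCode()` in the denied record. Only `ThriftSecurityException` is caught, so an unchecked exception thrown by `super.authenticate` would leave no audit entry at all; whether that can happen depends on code not shown here. The constant is also misspelled (`AUTHENICATE` for `AUTHENTICATE`), and because it is `public static final` the typo becomes part of the API once released.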