knox-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From su...@apache.org
Subject knox git commit: KNOX-534 auditing shiro authentication exceptions
Date Mon, 27 Apr 2015 14:38:26 GMT
Repository: knox
Updated Branches:
  refs/heads/master 734d425b7 -> cc37cf2fd


KNOX-534 auditing shiro authentication exceptions


Project: http://git-wip-us.apache.org/repos/asf/knox/repo
Commit: http://git-wip-us.apache.org/repos/asf/knox/commit/cc37cf2f
Tree: http://git-wip-us.apache.org/repos/asf/knox/tree/cc37cf2f
Diff: http://git-wip-us.apache.org/repos/asf/knox/diff/cc37cf2f

Branch: refs/heads/master
Commit: cc37cf2fd73ac678373f535248901586fac03084
Parents: 734d425
Author: Sumit Gupta <sumit@apache.org>
Authored: Mon Apr 27 10:37:46 2015 -0400
Committer: Sumit Gupta <sumit@apache.org>
Committed: Mon Apr 27 10:37:46 2015 -0400

----------------------------------------------------------------------
 .../gateway/shirorealm/KnoxLdapRealm.java       | 26 ++++++++++++++++++--
 1 file changed, 24 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/knox/blob/cc37cf2f/gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/shirorealm/KnoxLdapRealm.java
----------------------------------------------------------------------
diff --git a/gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/shirorealm/KnoxLdapRealm.java
b/gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/shirorealm/KnoxLdapRealm.java
index c797c06..3079416 100644
--- a/gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/shirorealm/KnoxLdapRealm.java
+++ b/gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/shirorealm/KnoxLdapRealm.java
@@ -40,6 +40,13 @@ import javax.naming.ldap.LdapContext;
 import javax.naming.ldap.LdapName;
 
 import org.apache.hadoop.gateway.GatewayMessages;
+import org.apache.hadoop.gateway.audit.api.Action;
+import org.apache.hadoop.gateway.audit.api.ActionOutcome;
+import org.apache.hadoop.gateway.audit.api.AuditService;
+import org.apache.hadoop.gateway.audit.api.AuditServiceFactory;
+import org.apache.hadoop.gateway.audit.api.Auditor;
+import org.apache.hadoop.gateway.audit.api.ResourceType;
+import org.apache.hadoop.gateway.audit.log4j.audit.AuditConstants;
 import org.apache.hadoop.gateway.i18n.messages.MessagesFactory;
 import org.apache.shiro.SecurityUtils;
 import org.apache.shiro.authc.AuthenticationInfo;
@@ -110,7 +117,11 @@ import org.apache.shiro.util.StringUtils;
 public class KnoxLdapRealm extends JndiLdapRealm {
 
     private static GatewayMessages LOG = MessagesFactory.get( GatewayMessages.class );
-  
+    private static AuditService auditService = AuditServiceFactory.getAuditService();
+    private static Auditor auditor = auditService.getAuditor(
+        AuditConstants.DEFAULT_AUDITOR_NAME, AuditConstants.KNOX_SERVICE_NAME,
+        AuditConstants.KNOX_COMPONENT_NAME );
+
     private static final String MEMBER_SUBSTITUTION_TOKEN = "{0}";
     private final static SearchControls SUBTREE_SCOPE = new SearchControls();
     private final static SearchControls ONELEVEL_SCOPE = new SearchControls();
@@ -157,7 +168,18 @@ public class KnoxLdapRealm extends JndiLdapRealm {
       setCredentialsMatcher(credentialsMatcher);
     }
 
-    /**
+  @Override
+  //KNOX-534 overriding this method to be able to audit authentication exceptions
+  protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws
org.apache.shiro.authc.AuthenticationException {
+    try {
+      return super.doGetAuthenticationInfo(token);
+    } catch ( org.apache.shiro.authc.AuthenticationException e ) {
+      auditor.audit( Action.AUTHENTICATION , token.getPrincipal().toString(), ResourceType.PRINCIPAL,
ActionOutcome.FAILURE, e.getMessage() );
+      throw e;
+    }
+  }
+
+  /**
      * Get groups from LDAP.
      * 
      * @param principals


Mime
View raw message