Apache
/
hbase
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

HBASE-26517 Add auth method information to AccessChecker audit log (#3897) 

Signed-off-by: Duo Zhang <zhangduo@apache.org>
This commit is contained in:
Tomu Tsuruhara 2021-12-04 23:59:29 +09:00 committed by GitHub
parent 4d929d7929
commit cf5bc6afca
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 8 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessChecker.java
View File

@ -46,6 +46,7 @@ import org.apache.hadoop.hbase.security.access.Permission.Action;
import org.apache.hadoop.hbase.util.Bytes;
import org.apache.hadoop.security.Groups;
import org.apache.hadoop.security.HadoopKerberosName;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.yetus.audience.InterfaceAudience;
import org.apache.yetus.audience.InterfaceStability;
import org.slf4j.Logger;
@ -366,12 +367,16 @@ public class AccessChecker {
public static void logResult(AuthResult result) {
if (AUDITLOG.isTraceEnabled()) {
User user = result.getUser();
UserGroupInformation ugi = user != null ? user.getUGI() : null;
AUDITLOG.trace(
"Access {} for user {}; reason: {}; remote address: {}; request: {}; context: {}",
"Access {} for user {}; reason: {}; remote address: {}; request: {}; context: {};" +
"auth method: {}",
(result.isAllowed() ? "allowed" : "denied"),
(result.getUser() != null ? result.getUser().getShortName() : "UNKNOWN"),
(user != null ? user.getShortName() : "UNKNOWN"),
result.getReason(), RpcServer.getRemoteAddress().map(InetAddress::toString).orElse(""),
result.getRequest(), result.toContextString());
result.getRequest(), result.toContextString(),
ugi != null ? ugi.getAuthenticationMethod() : "UNKNOWN");
}
}