diff --git a/src/main/java/org/elasticsearch/shield/audit/AuditTrail.java b/src/main/java/org/elasticsearch/shield/audit/AuditTrail.java index b73de2d02a3..693a4bb2d69 100644 --- a/src/main/java/org/elasticsearch/shield/audit/AuditTrail.java +++ b/src/main/java/org/elasticsearch/shield/audit/AuditTrail.java @@ -29,11 +29,11 @@ public interface AuditTrail { } @Override - public void anonymousAccess(String action, TransportMessage message) { + public void anonymousAccessDenied(String action, TransportMessage message) { } @Override - public void anonymousAccess(RestRequest request) { + public void anonymousAccessDenied(RestRequest request) { } @Override @@ -75,9 +75,9 @@ public interface AuditTrail { String name(); - void anonymousAccess(String action, TransportMessage message); + void anonymousAccessDenied(String action, TransportMessage message); - void anonymousAccess(RestRequest request); + void anonymousAccessDenied(RestRequest request); void authenticationFailed(AuthenticationToken token, String action, TransportMessage message); diff --git a/src/main/java/org/elasticsearch/shield/audit/AuditTrailService.java b/src/main/java/org/elasticsearch/shield/audit/AuditTrailService.java index 956576924ce..96b840e6a82 100644 --- a/src/main/java/org/elasticsearch/shield/audit/AuditTrailService.java +++ b/src/main/java/org/elasticsearch/shield/audit/AuditTrailService.java @@ -37,16 +37,16 @@ public class AuditTrailService extends AbstractComponent implements AuditTrail { } @Override - public void anonymousAccess(String action, TransportMessage message) { + public void anonymousAccessDenied(String action, TransportMessage message) { for (AuditTrail auditTrail : auditTrails) { - auditTrail.anonymousAccess(action, message); + auditTrail.anonymousAccessDenied(action, message); } } @Override - public void anonymousAccess(RestRequest request) { + public void anonymousAccessDenied(RestRequest request) { for (AuditTrail auditTrail : auditTrails) { - auditTrail.anonymousAccess(request); + auditTrail.anonymousAccessDenied(request); } } diff --git a/src/main/java/org/elasticsearch/shield/audit/logfile/LoggingAuditTrail.java b/src/main/java/org/elasticsearch/shield/audit/logfile/LoggingAuditTrail.java index df2aef31ab4..6aef9ec8713 100644 --- a/src/main/java/org/elasticsearch/shield/audit/logfile/LoggingAuditTrail.java +++ b/src/main/java/org/elasticsearch/shield/audit/logfile/LoggingAuditTrail.java @@ -64,29 +64,29 @@ public class LoggingAuditTrail implements AuditTrail { } @Override - public void anonymousAccess(String action, TransportMessage message) { + public void anonymousAccessDenied(String action, TransportMessage message) { String indices = indices(message); if (indices != null) { if (logger.isDebugEnabled()) { - logger.debug("{}[transport] [anonymous_access]\t{}, action=[{}], indices=[{}], request=[{}]", prefix, originAttributes(message), action, indices, message.getClass().getSimpleName()); + logger.debug("{}[transport] [anonymous_access_denied]\t{}, action=[{}], indices=[{}], request=[{}]", prefix, originAttributes(message), action, indices, message.getClass().getSimpleName()); } else { - logger.warn("{}[transport] [anonymous_access]\t{}, action=[{}], indices=[{}]", prefix, originAttributes(message), action, indices); + logger.warn("{}[transport] [anonymous_access_denied]\t{}, action=[{}], indices=[{}]", prefix, originAttributes(message), action, indices); } } else { if (logger.isDebugEnabled()) { - logger.debug("{}[transport] [anonymous_access]\t{}, action=[{}], request=[{}]", prefix, originAttributes(message), action, message.getClass().getSimpleName()); + logger.debug("{}[transport] [anonymous_access_denied]\t{}, action=[{}], request=[{}]", prefix, originAttributes(message), action, message.getClass().getSimpleName()); } else { - logger.warn("{}[transport] [anonymous_access]\t{}, action=[{}]", prefix, originAttributes(message), action); + logger.warn("{}[transport] [anonymous_access_denied]\t{}, action=[{}]", prefix, originAttributes(message), action); } } } @Override - public void anonymousAccess(RestRequest request) { + public void anonymousAccessDenied(RestRequest request) { if (logger.isDebugEnabled()) { - logger.debug("{}[rest] [anonymous_access]\t{}, uri=[{}], request_body=[{}]", prefix, hostAttributes(request), request.uri(), restRequestContent(request)); + logger.debug("{}[rest] [anonymous_access_denied]\t{}, uri=[{}], request_body=[{}]", prefix, hostAttributes(request), request.uri(), restRequestContent(request)); } else { - logger.warn("{}[rest] [anonymous_access]\t{}, uri=[{}]", prefix, hostAttributes(request), request.uri()); + logger.warn("{}[rest] [anonymous_access_denied]\t{}, uri=[{}]", prefix, hostAttributes(request), request.uri()); } } diff --git a/src/main/java/org/elasticsearch/shield/authc/InternalAuthenticationService.java b/src/main/java/org/elasticsearch/shield/authc/InternalAuthenticationService.java index 35c611eb038..62e32529aee 100644 --- a/src/main/java/org/elasticsearch/shield/authc/InternalAuthenticationService.java +++ b/src/main/java/org/elasticsearch/shield/authc/InternalAuthenticationService.java @@ -48,7 +48,7 @@ public class InternalAuthenticationService extends AbstractComponent implements public User authenticate(RestRequest request) throws AuthenticationException { AuthenticationToken token = token(request); if (token == null) { - auditTrail.anonymousAccess(request); + auditTrail.anonymousAccessDenied(request); throw new AuthenticationException("missing authentication token"); } User user = authenticate(request, token); @@ -146,7 +146,7 @@ public class InternalAuthenticationService extends AbstractComponent implements if (token == null) { if (fallbackUser == null) { - auditTrail.anonymousAccess(action, message); + auditTrail.anonymousAccessDenied(action, message); throw new AuthenticationException("missing authentication token for request [" + action + "]"); } return fallbackUser; diff --git a/src/test/java/org/elasticsearch/shield/audit/AuditTrailServiceTests.java b/src/test/java/org/elasticsearch/shield/audit/AuditTrailServiceTests.java index ed953b12c62..85b7128db8a 100644 --- a/src/test/java/org/elasticsearch/shield/audit/AuditTrailServiceTests.java +++ b/src/test/java/org/elasticsearch/shield/audit/AuditTrailServiceTests.java @@ -82,9 +82,9 @@ public class AuditTrailServiceTests extends ElasticsearchTestCase { @Test public void testAnonymousAccess() throws Exception { - service.anonymousAccess("_action", message); + service.anonymousAccessDenied("_action", message); for (AuditTrail auditTrail : auditTrails) { - verify(auditTrail).anonymousAccess("_action", message); + verify(auditTrail).anonymousAccessDenied("_action", message); } } diff --git a/src/test/java/org/elasticsearch/shield/audit/logfile/LoggingAuditTrailTests.java b/src/test/java/org/elasticsearch/shield/audit/logfile/LoggingAuditTrailTests.java index 9e313110be0..be4d3bb1bbf 100644 --- a/src/test/java/org/elasticsearch/shield/audit/logfile/LoggingAuditTrailTests.java +++ b/src/test/java/org/elasticsearch/shield/audit/logfile/LoggingAuditTrailTests.java @@ -114,13 +114,13 @@ public class LoggingAuditTrailTests extends ElasticsearchTestCase { } @Test - public void testAnonymousAccess_Transport() throws Exception { + public void testAnonymousAccessDenied_Transport() throws Exception { for (Level level : Level.values()) { CapturingLogger logger = new CapturingLogger(level); LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, logger); TransportMessage message = randomBoolean() ? new MockMessage() : new MockIndicesRequest(); String origins = LoggingAuditTrail.originAttributes(message); - auditTrail.anonymousAccess("_action", message); + auditTrail.anonymousAccessDenied("_action", message); switch (level) { case ERROR: assertEmptyLog(logger); @@ -128,24 +128,24 @@ public class LoggingAuditTrailTests extends ElasticsearchTestCase { case WARN: case INFO: if (message instanceof IndicesRequest) { - assertMsg(logger, Level.WARN, prefix + "[transport] [anonymous_access]\t" + origins + ", action=[_action], indices=[idx1,idx2]"); + assertMsg(logger, Level.WARN, prefix + "[transport] [anonymous_access_denied]\t" + origins + ", action=[_action], indices=[idx1,idx2]"); } else { - assertMsg(logger, Level.WARN, prefix + "[transport] [anonymous_access]\t" + origins + ", action=[_action]"); + assertMsg(logger, Level.WARN, prefix + "[transport] [anonymous_access_denied]\t" + origins + ", action=[_action]"); } break; case DEBUG: case TRACE: if (message instanceof IndicesRequest) { - assertMsg(logger, Level.DEBUG, prefix + "[transport] [anonymous_access]\t" + origins + ", action=[_action], indices=[idx1,idx2], request=[MockIndicesRequest]"); + assertMsg(logger, Level.DEBUG, prefix + "[transport] [anonymous_access_denied]\t" + origins + ", action=[_action], indices=[idx1,idx2], request=[MockIndicesRequest]"); } else { - assertMsg(logger, Level.DEBUG, prefix + "[transport] [anonymous_access]\t" + origins + ", action=[_action], request=[MockMessage]"); + assertMsg(logger, Level.DEBUG, prefix + "[transport] [anonymous_access_denied]\t" + origins + ", action=[_action], request=[MockMessage]"); } } } } @Test - public void testAnonymousAccess_Rest() throws Exception { + public void testAnonymousAccessDenied_Rest() throws Exception { RestRequest request = mock(RestRequest.class); when(request.getRemoteAddress()).thenReturn(new InetSocketAddress("_hostname", 9200)); when(request.uri()).thenReturn("_uri"); @@ -154,18 +154,18 @@ public class LoggingAuditTrailTests extends ElasticsearchTestCase { for (Level level : Level.values()) { CapturingLogger logger = new CapturingLogger(level); LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, logger); - auditTrail.anonymousAccess(request); + auditTrail.anonymousAccessDenied(request); switch (level) { case ERROR: assertEmptyLog(logger); break; case WARN: case INFO: - assertMsg(logger, Level.WARN, prefix + "[rest] [anonymous_access]\torigin_address=[_hostname:9200], uri=[_uri]"); + assertMsg(logger, Level.WARN, prefix + "[rest] [anonymous_access_denied]\torigin_address=[_hostname:9200], uri=[_uri]"); break; case DEBUG: case TRACE: - assertMsg(logger, Level.DEBUG, prefix + "[rest] [anonymous_access]\torigin_address=[_hostname:9200], uri=[_uri], request_body=[" + expectedMessage + "]"); + assertMsg(logger, Level.DEBUG, prefix + "[rest] [anonymous_access_denied]\torigin_address=[_hostname:9200], uri=[_uri], request_body=[" + expectedMessage + "]"); } } } diff --git a/src/test/java/org/elasticsearch/shield/authc/InternalAuthenticationServiceTests.java b/src/test/java/org/elasticsearch/shield/authc/InternalAuthenticationServiceTests.java index a95ddab8c56..f6045172650 100644 --- a/src/test/java/org/elasticsearch/shield/authc/InternalAuthenticationServiceTests.java +++ b/src/test/java/org/elasticsearch/shield/authc/InternalAuthenticationServiceTests.java @@ -220,7 +220,7 @@ public class InternalAuthenticationServiceTests extends ElasticsearchTestCase { } catch (AuthenticationException ae) { // expected } - verify(auditTrail).anonymousAccess("_action", message); + verify(auditTrail).anonymousAccessDenied("_action", message); } @Test @@ -233,7 +233,7 @@ public class InternalAuthenticationServiceTests extends ElasticsearchTestCase { } catch (AuthenticationException ae) { // expected } - verify(auditTrail).anonymousAccess(restRequest); + verify(auditTrail).anonymousAccessDenied(restRequest); } @Test