[Audit] Renamed anonymous_access to anonymous_access_denied

- The `anonymous_access_denied` clearly indicates that the requests were denied. - In the future, if/when we add anonymous realm, we'll add another event type - `anonymous_access_granted` - plays nice with this change Original commit: elastic/x-pack-elasticsearch@1fead24a0d
2025-02-10 06:55:32 +00:00 · 2015-01-22 02:29:11 +01:00 · 2015-01-22 02:29:11 +01:00 · 2c687271d4
commit 2c687271d4
parent 14699d6610
7 changed files with 32 additions and 32 deletions
--- a/src/main/java/org/elasticsearch/shield/audit/AuditTrail.java
+++ b/src/main/java/org/elasticsearch/shield/audit/AuditTrail.java
@ -29,11 +29,11 @@ public interface AuditTrail {
        }
        @Override
-        public void anonymousAccess(String action, TransportMessage<?> message) {
+        public void anonymousAccessDenied(String action, TransportMessage<?> message) {
        }
        @Override
-        public void anonymousAccess(RestRequest request) {
+        public void anonymousAccessDenied(RestRequest request) {
        }
        @Override
@ -75,9 +75,9 @@ public interface AuditTrail {
    String name();
-    void anonymousAccess(String action, TransportMessage<?> message);
+    void anonymousAccessDenied(String action, TransportMessage<?> message);
-    void anonymousAccess(RestRequest request);
+    void anonymousAccessDenied(RestRequest request);
    void authenticationFailed(AuthenticationToken token, String action, TransportMessage<?> message);
--- a/src/main/java/org/elasticsearch/shield/audit/AuditTrailService.java
+++ b/src/main/java/org/elasticsearch/shield/audit/AuditTrailService.java
@ -37,16 +37,16 @@ public class AuditTrailService extends AbstractComponent implements AuditTrail {
    }
    @Override
-    public void anonymousAccess(String action, TransportMessage<?> message) {
+    public void anonymousAccessDenied(String action, TransportMessage<?> message) {
        for (AuditTrail auditTrail : auditTrails) {
-            auditTrail.anonymousAccess(action, message);
+            auditTrail.anonymousAccessDenied(action, message);
        }
    }
    @Override
-    public void anonymousAccess(RestRequest request) {
+    public void anonymousAccessDenied(RestRequest request) {
        for (AuditTrail auditTrail : auditTrails) {
-            auditTrail.anonymousAccess(request);
+            auditTrail.anonymousAccessDenied(request);
        }
    }
--- a/src/main/java/org/elasticsearch/shield/audit/logfile/LoggingAuditTrail.java
+++ b/src/main/java/org/elasticsearch/shield/audit/logfile/LoggingAuditTrail.java
@ -64,29 +64,29 @@ public class LoggingAuditTrail implements AuditTrail {
    }
    @Override
-    public void anonymousAccess(String action, TransportMessage<?> message) {
+    public void anonymousAccessDenied(String action, TransportMessage<?> message) {
        String indices = indices(message);
        if (indices != null) {
            if (logger.isDebugEnabled()) {
-                logger.debug("{}[transport] [anonymous_access]\t{}, action=[{}], indices=[{}], request=[{}]", prefix, originAttributes(message), action, indices, message.getClass().getSimpleName());
+                logger.debug("{}[transport] [anonymous_access_denied]\t{}, action=[{}], indices=[{}], request=[{}]", prefix, originAttributes(message), action, indices, message.getClass().getSimpleName());
            } else {
-                logger.warn("{}[transport] [anonymous_access]\t{}, action=[{}], indices=[{}]", prefix, originAttributes(message), action, indices);
+                logger.warn("{}[transport] [anonymous_access_denied]\t{}, action=[{}], indices=[{}]", prefix, originAttributes(message), action, indices);
            }
        } else {
            if (logger.isDebugEnabled()) {
-                logger.debug("{}[transport] [anonymous_access]\t{}, action=[{}], request=[{}]", prefix, originAttributes(message), action, message.getClass().getSimpleName());
+                logger.debug("{}[transport] [anonymous_access_denied]\t{}, action=[{}], request=[{}]", prefix, originAttributes(message), action, message.getClass().getSimpleName());
            } else {
-                logger.warn("{}[transport] [anonymous_access]\t{}, action=[{}]", prefix, originAttributes(message), action);
+                logger.warn("{}[transport] [anonymous_access_denied]\t{}, action=[{}]", prefix, originAttributes(message), action);
            }
        }
    }
    @Override
-    public void anonymousAccess(RestRequest request) {
+    public void anonymousAccessDenied(RestRequest request) {
        if (logger.isDebugEnabled()) {
-            logger.debug("{}[rest] [anonymous_access]\t{}, uri=[{}], request_body=[{}]", prefix, hostAttributes(request), request.uri(), restRequestContent(request));
+            logger.debug("{}[rest] [anonymous_access_denied]\t{}, uri=[{}], request_body=[{}]", prefix, hostAttributes(request), request.uri(), restRequestContent(request));
        } else {
-            logger.warn("{}[rest] [anonymous_access]\t{}, uri=[{}]", prefix, hostAttributes(request), request.uri());
+            logger.warn("{}[rest] [anonymous_access_denied]\t{}, uri=[{}]", prefix, hostAttributes(request), request.uri());
        }
    }
--- a/src/main/java/org/elasticsearch/shield/authc/InternalAuthenticationService.java
+++ b/src/main/java/org/elasticsearch/shield/authc/InternalAuthenticationService.java
@ -48,7 +48,7 @@ public class InternalAuthenticationService extends AbstractComponent implements
    public User authenticate(RestRequest request) throws AuthenticationException {
        AuthenticationToken token = token(request);
        if (token == null) {
-            auditTrail.anonymousAccess(request);
+            auditTrail.anonymousAccessDenied(request);
            throw new AuthenticationException("missing authentication token");
        }
        User user = authenticate(request, token);
@ -146,7 +146,7 @@ public class InternalAuthenticationService extends AbstractComponent implements
        if (token == null) {
            if (fallbackUser == null) {
-                auditTrail.anonymousAccess(action, message);
+                auditTrail.anonymousAccessDenied(action, message);
                throw new AuthenticationException("missing authentication token for request [" + action + "]");
            }
            return fallbackUser;
--- a/src/test/java/org/elasticsearch/shield/audit/AuditTrailServiceTests.java
+++ b/src/test/java/org/elasticsearch/shield/audit/AuditTrailServiceTests.java
@ -82,9 +82,9 @@ public class AuditTrailServiceTests extends ElasticsearchTestCase {
    @Test
    public void testAnonymousAccess() throws Exception {
-        service.anonymousAccess("_action", message);
+        service.anonymousAccessDenied("_action", message);
        for (AuditTrail auditTrail : auditTrails) {
-            verify(auditTrail).anonymousAccess("_action", message);
+            verify(auditTrail).anonymousAccessDenied("_action", message);
        }
    }
--- a/src/test/java/org/elasticsearch/shield/audit/logfile/LoggingAuditTrailTests.java
+++ b/src/test/java/org/elasticsearch/shield/audit/logfile/LoggingAuditTrailTests.java
@ -114,13 +114,13 @@ public class LoggingAuditTrailTests extends ElasticsearchTestCase {
    }
    @Test
-    public void testAnonymousAccess_Transport() throws Exception {
+    public void testAnonymousAccessDenied_Transport() throws Exception {
        for (Level level : Level.values()) {
            CapturingLogger logger = new CapturingLogger(level);
            LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, logger);
            TransportMessage message = randomBoolean() ? new MockMessage() : new MockIndicesRequest();
            String origins = LoggingAuditTrail.originAttributes(message);
-            auditTrail.anonymousAccess("_action", message);
+            auditTrail.anonymousAccessDenied("_action", message);
            switch (level) {
                case ERROR:
                    assertEmptyLog(logger);
@ -128,24 +128,24 @@ public class LoggingAuditTrailTests extends ElasticsearchTestCase {
                case WARN:
                case INFO:
                    if (message instanceof IndicesRequest) {
-                        assertMsg(logger, Level.WARN, prefix + "[transport] [anonymous_access]\t" + origins + ", action=[_action], indices=[idx1,idx2]");
+                        assertMsg(logger, Level.WARN, prefix + "[transport] [anonymous_access_denied]\t" + origins + ", action=[_action], indices=[idx1,idx2]");
                    } else {
-                        assertMsg(logger, Level.WARN, prefix + "[transport] [anonymous_access]\t"  + origins + ", action=[_action]");
+                        assertMsg(logger, Level.WARN, prefix + "[transport] [anonymous_access_denied]\t"  + origins + ", action=[_action]");
                    }
                    break;
                case DEBUG:
                case TRACE:
                    if (message instanceof IndicesRequest) {
-                        assertMsg(logger, Level.DEBUG, prefix + "[transport] [anonymous_access]\t"  + origins + ", action=[_action], indices=[idx1,idx2], request=[MockIndicesRequest]");
+                        assertMsg(logger, Level.DEBUG, prefix + "[transport] [anonymous_access_denied]\t"  + origins + ", action=[_action], indices=[idx1,idx2], request=[MockIndicesRequest]");
                    } else {
-                        assertMsg(logger, Level.DEBUG, prefix + "[transport] [anonymous_access]\t"  + origins + ", action=[_action], request=[MockMessage]");
+                        assertMsg(logger, Level.DEBUG, prefix + "[transport] [anonymous_access_denied]\t"  + origins + ", action=[_action], request=[MockMessage]");
                    }
            }
        }
    }
    @Test
-    public void testAnonymousAccess_Rest() throws Exception {
+    public void testAnonymousAccessDenied_Rest() throws Exception {
        RestRequest request = mock(RestRequest.class);
        when(request.getRemoteAddress()).thenReturn(new InetSocketAddress("_hostname", 9200));
        when(request.uri()).thenReturn("_uri");
@ -154,18 +154,18 @@ public class LoggingAuditTrailTests extends ElasticsearchTestCase {
        for (Level level : Level.values()) {
            CapturingLogger logger = new CapturingLogger(level);
            LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, logger);
-            auditTrail.anonymousAccess(request);
+            auditTrail.anonymousAccessDenied(request);
            switch (level) {
                case ERROR:
                    assertEmptyLog(logger);
                    break;
                case WARN:
                case INFO:
-                    assertMsg(logger, Level.WARN, prefix + "[rest] [anonymous_access]\torigin_address=[_hostname:9200], uri=[_uri]");
+                    assertMsg(logger, Level.WARN, prefix + "[rest] [anonymous_access_denied]\torigin_address=[_hostname:9200], uri=[_uri]");
                    break;
                case DEBUG:
                case TRACE:
-                    assertMsg(logger, Level.DEBUG, prefix + "[rest] [anonymous_access]\torigin_address=[_hostname:9200], uri=[_uri], request_body=[" + expectedMessage + "]");
+                    assertMsg(logger, Level.DEBUG, prefix + "[rest] [anonymous_access_denied]\torigin_address=[_hostname:9200], uri=[_uri], request_body=[" + expectedMessage + "]");
            }
        }
    }
--- a/src/test/java/org/elasticsearch/shield/authc/InternalAuthenticationServiceTests.java
+++ b/src/test/java/org/elasticsearch/shield/authc/InternalAuthenticationServiceTests.java
@ -220,7 +220,7 @@ public class InternalAuthenticationServiceTests extends ElasticsearchTestCase {
        } catch (AuthenticationException ae) {
            // expected
        }
-        verify(auditTrail).anonymousAccess("_action", message);
+        verify(auditTrail).anonymousAccessDenied("_action", message);
    }
    @Test
@ -233,7 +233,7 @@ public class InternalAuthenticationServiceTests extends ElasticsearchTestCase {
        } catch (AuthenticationException ae) {
            // expected
        }
-        verify(auditTrail).anonymousAccess(restRequest);
+        verify(auditTrail).anonymousAccessDenied(restRequest);
    }
    @Test