diff --git a/src/main/java/org/elasticsearch/shield/authc/InternalAuthenticationService.java b/src/main/java/org/elasticsearch/shield/authc/InternalAuthenticationService.java index 62e32529aee..ee8e5b47808 100644 --- a/src/main/java/org/elasticsearch/shield/authc/InternalAuthenticationService.java +++ b/src/main/java/org/elasticsearch/shield/authc/InternalAuthenticationService.java @@ -49,11 +49,11 @@ public class InternalAuthenticationService extends AbstractComponent implements AuthenticationToken token = token(request); if (token == null) { auditTrail.anonymousAccessDenied(request); - throw new AuthenticationException("missing authentication token"); + throw new AuthenticationException("missing authentication token for REST request [" + request.uri() + "]"); } User user = authenticate(request, token); if (user == null) { - throw new AuthenticationException("unable to authenticate user for request"); + throw new AuthenticationException("unable to authenticate user [" + user.principal() + "] for REST request [" + request.uri() + "]"); } request.putInContext(USER_KEY, user); return user; @@ -147,7 +147,7 @@ public class InternalAuthenticationService extends AbstractComponent implements if (token == null) { if (fallbackUser == null) { auditTrail.anonymousAccessDenied(action, message); - throw new AuthenticationException("missing authentication token for request [" + action + "]"); + throw new AuthenticationException("missing authentication token for action [" + action + "]"); } return fallbackUser; } @@ -163,7 +163,7 @@ public class InternalAuthenticationService extends AbstractComponent implements } } auditTrail.authenticationFailed(token, action, message); - throw new AuthenticationException("unable to authenticate user for request [" + action + "]"); + throw new AuthenticationException("unable to authenticate user [" + token.principal() + "] for action [" + action + "]"); } finally { token.clearCredentials(); } diff --git a/src/main/java/org/elasticsearch/shield/authz/InternalAuthorizationService.java b/src/main/java/org/elasticsearch/shield/authz/InternalAuthorizationService.java index 7d03437514a..039b3f734a7 100644 --- a/src/main/java/org/elasticsearch/shield/authz/InternalAuthorizationService.java +++ b/src/main/java/org/elasticsearch/shield/authz/InternalAuthorizationService.java @@ -208,15 +208,6 @@ public class InternalAuthorizationService extends AbstractComponent implements A return roles.build(); } - private AuthorizationException denial(User user, String action, TransportRequest request) { - auditTrail.accessDenied(user, action, request); - return new AuthorizationException("action [" + action + "] is unauthorized for user [" + user.principal() + "]"); - } - - private void grant(User user, String action, TransportRequest request) { - auditTrail.accessGranted(user, action, request); - } - private Set resolveIndices(User user, String action, TransportRequest request) { MetaData metaData = clusterService.state().metaData(); for (IndicesResolver resolver : indicesResolvers) { @@ -238,4 +229,14 @@ public class InternalAuthorizationService extends AbstractComponent implements A action.equals(ClearScrollAction.NAME) || action.equals(SearchServiceTransportAction.CLEAR_SCROLL_CONTEXTS_ACTION_NAME); } + + private AuthorizationException denial(User user, String action, TransportRequest request) { + auditTrail.accessDenied(user, action, request); + return new AuthorizationException("action [" + action + "] is unauthorized for user [" + user.principal() + "]"); + } + + private void grant(User user, String action, TransportRequest request) { + auditTrail.accessGranted(user, action, request); + } + }