Cleanup

- descriptive authentication messages - cleaned up a bit the `InternalAuthorizationService` Original commit: elastic/x-pack-elasticsearch@47f485f1bc
2015-01-23 14:45:50 +01:00 · 2015-01-23 14:45:50 +01:00 · 78f3e28cb8
parent dd4a66bd6c
commit 78f3e28cb8
2 changed files with 14 additions and 13 deletions
--- a/src/main/java/org/elasticsearch/shield/authc/InternalAuthenticationService.java
+++ b/src/main/java/org/elasticsearch/shield/authc/InternalAuthenticationService.java
@ -49,11 +49,11 @@ public class InternalAuthenticationService extends AbstractComponent implements
        AuthenticationToken token = token(request);
        if (token == null) {
            auditTrail.anonymousAccessDenied(request);
-            throw new AuthenticationException("missing authentication token");
+            throw new AuthenticationException("missing authentication token for REST request [" + request.uri() + "]");
        }
        User user = authenticate(request, token);
        if (user == null) {
-            throw new AuthenticationException("unable to authenticate user for request");
+            throw new AuthenticationException("unable to authenticate user [" + user.principal() + "] for REST request [" + request.uri() + "]");
        }
        request.putInContext(USER_KEY, user);
        return user;
@ -147,7 +147,7 @@ public class InternalAuthenticationService extends AbstractComponent implements
        if (token == null) {
            if (fallbackUser == null) {
                auditTrail.anonymousAccessDenied(action, message);
-                throw new AuthenticationException("missing authentication token for request [" + action + "]");
+                throw new AuthenticationException("missing authentication token for action [" + action + "]");
            }
            return fallbackUser;
        }
@ -163,7 +163,7 @@ public class InternalAuthenticationService extends AbstractComponent implements
                }
            }
            auditTrail.authenticationFailed(token, action, message);
-            throw new AuthenticationException("unable to authenticate user for request [" + action + "]");
+            throw new AuthenticationException("unable to authenticate user [" + token.principal() + "] for action [" + action + "]");
        } finally {
            token.clearCredentials();
        }
--- a/src/main/java/org/elasticsearch/shield/authz/InternalAuthorizationService.java
+++ b/src/main/java/org/elasticsearch/shield/authz/InternalAuthorizationService.java
@ -208,15 +208,6 @@ public class InternalAuthorizationService extends AbstractComponent implements A
        return roles.build();
    }
    private AuthorizationException denial(User user, String action, TransportRequest request) {
        auditTrail.accessDenied(user, action, request);
        return new AuthorizationException("action [" + action + "] is unauthorized for user [" + user.principal() + "]");
    }
    private void grant(User user, String action, TransportRequest request) {
        auditTrail.accessGranted(user, action, request);
    }
    private Set<String> resolveIndices(User user, String action, TransportRequest request) {
        MetaData metaData = clusterService.state().metaData();
        for (IndicesResolver resolver : indicesResolvers) {
@ -238,4 +229,14 @@ public class InternalAuthorizationService extends AbstractComponent implements A
                action.equals(ClearScrollAction.NAME) ||
                action.equals(SearchServiceTransportAction.CLEAR_SCROLL_CONTEXTS_ACTION_NAME);
    }
    private AuthorizationException denial(User user, String action, TransportRequest request) {
        auditTrail.accessDenied(user, action, request);
        return new AuthorizationException("action [" + action + "] is unauthorized for user [" + user.principal() + "]");
    }
    private void grant(User user, String action, TransportRequest request) {
        auditTrail.accessGranted(user, action, request);
    }
 }