diff options
Diffstat (limited to 'qpid/java/broker')
4 files changed, 89 insertions, 21 deletions
diff --git a/qpid/java/broker/src/main/java/org/apache/qpid/server/logging/actors/ManagementActor.java b/qpid/java/broker/src/main/java/org/apache/qpid/server/logging/actors/ManagementActor.java index 2825fa1b75..286fc78719 100644 --- a/qpid/java/broker/src/main/java/org/apache/qpid/server/logging/actors/ManagementActor.java +++ b/qpid/java/broker/src/main/java/org/apache/qpid/server/logging/actors/ManagementActor.java @@ -20,11 +20,15 @@ */ package org.apache.qpid.server.logging.actors; -import org.apache.qpid.server.logging.LogMessage; -import org.apache.qpid.server.logging.LogSubject; import org.apache.qpid.server.logging.RootMessageLogger; +import java.security.AccessController; +import java.security.Principal; import java.text.MessageFormat; +import java.util.Set; + +import javax.management.remote.JMXPrincipal; +import javax.security.auth.Subject; /** * NOTE: This actor is not thread safe. @@ -40,16 +44,23 @@ import java.text.MessageFormat; */ public class ManagementActor extends AbstractActor { + /** + * Holds the principal name to display when principal subject is not available. + * <p> + * This is useful for cases when users invoke JMX operation over JConsole + * attached to the local JVM. + */ + private static final String UNKNOWN_PRINCIPAL = "N/A"; + String _lastThreadName = null; /** * LOG FORMAT for the ManagementActor, - * Uses a MessageFormat call to insert the requried values according to - * these indicies: + * Uses a MessageFormat call to insert the required values according to + * these indices: * - * 0 - Connection ID - * 1 - User ID - * 2 - IP + * 0 - User ID + * 1 - IP */ public static final String MANAGEMENT_FORMAT = "mng:{0}({1})"; @@ -75,19 +86,20 @@ public class ManagementActor extends AbstractActor _lastThreadName = currentName; // Management Thread names have this format. - //RMI TCP Connection(2)-169.24.29.116 + // RMI TCP Connection(2)-169.24.29.116 // This is true for both LocalAPI and JMX Connections // However to be defensive lets test. String[] split = currentName.split("\\("); if (split.length == 2) { - String connectionID = split[1].split("\\)")[0]; String ip = currentName.split("-")[1]; - - actor = MessageFormat.format(MANAGEMENT_FORMAT, - connectionID, - ip); + String principalName = getPrincipalName(); + if (principalName == null) + { + principalName = UNKNOWN_PRINCIPAL; + } + actor = MessageFormat.format(MANAGEMENT_FORMAT, principalName, ip); } else { @@ -105,6 +117,30 @@ public class ManagementActor extends AbstractActor } } + /** + * Returns current JMX principal name. + * + * @return principal name or null if principal can not be found + */ + protected String getPrincipalName() + { + String identity = null; + + // retrieve Subject from current AccessControlContext + final Subject subject = Subject.getSubject(AccessController.getContext()); + if (subject != null) + { + // retrieve JMXPrincipal from Subject + final Set<JMXPrincipal> principals = subject.getPrincipals(JMXPrincipal.class); + if (principals != null && !principals.isEmpty()) + { + final Principal principal = principals.iterator().next(); + identity = principal.getName(); + } + } + return identity; + } + public String getLogMessage() { updateLogString(); diff --git a/qpid/java/broker/src/main/java/org/apache/qpid/server/logging/messages/ManagementConsole_logmessages.properties b/qpid/java/broker/src/main/java/org/apache/qpid/server/logging/messages/ManagementConsole_logmessages.properties index ab77476da2..ac77f674f2 100644 --- a/qpid/java/broker/src/main/java/org/apache/qpid/server/logging/messages/ManagementConsole_logmessages.properties +++ b/qpid/java/broker/src/main/java/org/apache/qpid/server/logging/messages/ManagementConsole_logmessages.properties @@ -30,4 +30,4 @@ STOPPED = MNG-1005 : Stopped # 0 - Path SSL_KEYSTORE = MNG-1006 : Using SSL Keystore : {0} OPEN = MNG-1007 : Open : User {0} -CLOSE = MNG-1008 : Close
\ No newline at end of file +CLOSE = MNG-1008 : Close : User {0}
\ No newline at end of file diff --git a/qpid/java/broker/src/main/java/org/apache/qpid/server/management/MBeanInvocationHandlerImpl.java b/qpid/java/broker/src/main/java/org/apache/qpid/server/management/MBeanInvocationHandlerImpl.java index 68f7689283..169195304c 100644 --- a/qpid/java/broker/src/main/java/org/apache/qpid/server/management/MBeanInvocationHandlerImpl.java +++ b/qpid/java/broker/src/main/java/org/apache/qpid/server/management/MBeanInvocationHandlerImpl.java @@ -313,7 +313,7 @@ public class MBeanInvocationHandlerImpl implements InvocationHandler, Notificati else if (notification.getType().equals(JMXConnectionNotification.CLOSED) || notification.getType().equals(JMXConnectionNotification.FAILED)) { - _logActor.message(ManagementConsoleMessages.CLOSE()); + _logActor.message(ManagementConsoleMessages.CLOSE(user)); } } } diff --git a/qpid/java/broker/src/test/java/org/apache/qpid/server/logging/actors/ManagementActorTest.java b/qpid/java/broker/src/test/java/org/apache/qpid/server/logging/actors/ManagementActorTest.java index 033ae3b4b3..d6b790db01 100644 --- a/qpid/java/broker/src/test/java/org/apache/qpid/server/logging/actors/ManagementActorTest.java +++ b/qpid/java/broker/src/test/java/org/apache/qpid/server/logging/actors/ManagementActorTest.java @@ -20,13 +20,13 @@ */ package org.apache.qpid.server.logging.actors; -import org.apache.qpid.server.configuration.ServerConfiguration; -import org.apache.qpid.server.logging.LogMessage; -import org.apache.qpid.server.logging.LogSubject; -import org.apache.qpid.AMQException; - +import java.security.PrivilegedAction; +import java.util.Collections; import java.util.List; +import javax.management.remote.JMXPrincipal; +import javax.security.auth.Subject; + /** * Test : AMQPManagementActorTest * Validate the AMQPManagementActor class. @@ -96,8 +96,40 @@ public class ManagementActorTest extends BaseActorTestCase // Verify that the message has the right values assertTrue("Message contains the [mng: prefix", - logs.get(0).toString().contains("[mng:" + CONNECTION_ID + "(" + IP + ")")); + logs.get(0).toString().contains("[mng:N/A(" + IP + ")")); + } + + /** + * Tests appearance of principal name in log message + */ + public void testSubjectPrincipalNameAppearance() + { + Subject subject = new Subject(true, Collections.singleton(new JMXPrincipal("guest")), Collections.EMPTY_SET, + Collections.EMPTY_SET); + + final String message = Subject.doAs(subject, new PrivilegedAction<String>() + { + public String run() + { + return sendTestLogMessage(_amqpActor); + } + }); + + // Verify that the log message was created + assertNotNull("Test log message is not created!", message); + + List<Object> logs = _rawLogger.getLogMessages(); + + // Verify that at least one log message was added to log + assertEquals("Message log size not as expected.", 1, logs.size()); + + String logMessage = logs.get(0).toString(); + + // Verify that the logged message is present in the output + assertTrue("Message was not found in log message", logMessage.contains(message)); + // Verify that the message has the right principal value + assertTrue("Message contains the [mng: prefix", logMessage.contains("[mng:guest(" + IP + ")")); } } |