diff options
Diffstat (limited to 'qpid/java')
5 files changed, 89 insertions, 76 deletions
diff --git a/qpid/java/broker/src/main/java/org/apache/qpid/server/logging/actors/ManagementActor.java b/qpid/java/broker/src/main/java/org/apache/qpid/server/logging/actors/ManagementActor.java index 2825fa1b75..286fc78719 100644 --- a/qpid/java/broker/src/main/java/org/apache/qpid/server/logging/actors/ManagementActor.java +++ b/qpid/java/broker/src/main/java/org/apache/qpid/server/logging/actors/ManagementActor.java @@ -20,11 +20,15 @@ */ package org.apache.qpid.server.logging.actors; -import org.apache.qpid.server.logging.LogMessage; -import org.apache.qpid.server.logging.LogSubject; import org.apache.qpid.server.logging.RootMessageLogger; +import java.security.AccessController; +import java.security.Principal; import java.text.MessageFormat; +import java.util.Set; + +import javax.management.remote.JMXPrincipal; +import javax.security.auth.Subject; /** * NOTE: This actor is not thread safe. @@ -40,16 +44,23 @@ import java.text.MessageFormat; */ public class ManagementActor extends AbstractActor { + /** + * Holds the principal name to display when principal subject is not available. + * <p> + * This is useful for cases when users invoke JMX operation over JConsole + * attached to the local JVM. + */ + private static final String UNKNOWN_PRINCIPAL = "N/A"; + String _lastThreadName = null; /** * LOG FORMAT for the ManagementActor, - * Uses a MessageFormat call to insert the requried values according to - * these indicies: + * Uses a MessageFormat call to insert the required values according to + * these indices: * - * 0 - Connection ID - * 1 - User ID - * 2 - IP + * 0 - User ID + * 1 - IP */ public static final String MANAGEMENT_FORMAT = "mng:{0}({1})"; @@ -75,19 +86,20 @@ public class ManagementActor extends AbstractActor _lastThreadName = currentName; // Management Thread names have this format. - //RMI TCP Connection(2)-169.24.29.116 + // RMI TCP Connection(2)-169.24.29.116 // This is true for both LocalAPI and JMX Connections // However to be defensive lets test. String[] split = currentName.split("\\("); if (split.length == 2) { - String connectionID = split[1].split("\\)")[0]; String ip = currentName.split("-")[1]; - - actor = MessageFormat.format(MANAGEMENT_FORMAT, - connectionID, - ip); + String principalName = getPrincipalName(); + if (principalName == null) + { + principalName = UNKNOWN_PRINCIPAL; + } + actor = MessageFormat.format(MANAGEMENT_FORMAT, principalName, ip); } else { @@ -105,6 +117,30 @@ public class ManagementActor extends AbstractActor } } + /** + * Returns current JMX principal name. + * + * @return principal name or null if principal can not be found + */ + protected String getPrincipalName() + { + String identity = null; + + // retrieve Subject from current AccessControlContext + final Subject subject = Subject.getSubject(AccessController.getContext()); + if (subject != null) + { + // retrieve JMXPrincipal from Subject + final Set<JMXPrincipal> principals = subject.getPrincipals(JMXPrincipal.class); + if (principals != null && !principals.isEmpty()) + { + final Principal principal = principals.iterator().next(); + identity = principal.getName(); + } + } + return identity; + } + public String getLogMessage() { updateLogString(); diff --git a/qpid/java/broker/src/main/java/org/apache/qpid/server/logging/messages/ManagementConsole_logmessages.properties b/qpid/java/broker/src/main/java/org/apache/qpid/server/logging/messages/ManagementConsole_logmessages.properties index ab77476da2..ac77f674f2 100644 --- a/qpid/java/broker/src/main/java/org/apache/qpid/server/logging/messages/ManagementConsole_logmessages.properties +++ b/qpid/java/broker/src/main/java/org/apache/qpid/server/logging/messages/ManagementConsole_logmessages.properties @@ -30,4 +30,4 @@ STOPPED = MNG-1005 : Stopped # 0 - Path SSL_KEYSTORE = MNG-1006 : Using SSL Keystore : {0} OPEN = MNG-1007 : Open : User {0} -CLOSE = MNG-1008 : Close
\ No newline at end of file +CLOSE = MNG-1008 : Close : User {0}
\ No newline at end of file diff --git a/qpid/java/broker/src/main/java/org/apache/qpid/server/management/MBeanInvocationHandlerImpl.java b/qpid/java/broker/src/main/java/org/apache/qpid/server/management/MBeanInvocationHandlerImpl.java index 68f7689283..169195304c 100644 --- a/qpid/java/broker/src/main/java/org/apache/qpid/server/management/MBeanInvocationHandlerImpl.java +++ b/qpid/java/broker/src/main/java/org/apache/qpid/server/management/MBeanInvocationHandlerImpl.java @@ -313,7 +313,7 @@ public class MBeanInvocationHandlerImpl implements InvocationHandler, Notificati else if (notification.getType().equals(JMXConnectionNotification.CLOSED) || notification.getType().equals(JMXConnectionNotification.FAILED)) { - _logActor.message(ManagementConsoleMessages.CLOSE()); + _logActor.message(ManagementConsoleMessages.CLOSE(user)); } } } diff --git a/qpid/java/broker/src/test/java/org/apache/qpid/server/logging/actors/ManagementActorTest.java b/qpid/java/broker/src/test/java/org/apache/qpid/server/logging/actors/ManagementActorTest.java index 033ae3b4b3..d6b790db01 100644 --- a/qpid/java/broker/src/test/java/org/apache/qpid/server/logging/actors/ManagementActorTest.java +++ b/qpid/java/broker/src/test/java/org/apache/qpid/server/logging/actors/ManagementActorTest.java @@ -20,13 +20,13 @@ */ package org.apache.qpid.server.logging.actors; -import org.apache.qpid.server.configuration.ServerConfiguration; -import org.apache.qpid.server.logging.LogMessage; -import org.apache.qpid.server.logging.LogSubject; -import org.apache.qpid.AMQException; - +import java.security.PrivilegedAction; +import java.util.Collections; import java.util.List; +import javax.management.remote.JMXPrincipal; +import javax.security.auth.Subject; + /** * Test : AMQPManagementActorTest * Validate the AMQPManagementActor class. @@ -96,8 +96,40 @@ public class ManagementActorTest extends BaseActorTestCase // Verify that the message has the right values assertTrue("Message contains the [mng: prefix", - logs.get(0).toString().contains("[mng:" + CONNECTION_ID + "(" + IP + ")")); + logs.get(0).toString().contains("[mng:N/A(" + IP + ")")); + } + + /** + * Tests appearance of principal name in log message + */ + public void testSubjectPrincipalNameAppearance() + { + Subject subject = new Subject(true, Collections.singleton(new JMXPrincipal("guest")), Collections.EMPTY_SET, + Collections.EMPTY_SET); + + final String message = Subject.doAs(subject, new PrivilegedAction<String>() + { + public String run() + { + return sendTestLogMessage(_amqpActor); + } + }); + + // Verify that the log message was created + assertNotNull("Test log message is not created!", message); + + List<Object> logs = _rawLogger.getLogMessages(); + + // Verify that at least one log message was added to log + assertEquals("Message log size not as expected.", 1, logs.size()); + + String logMessage = logs.get(0).toString(); + + // Verify that the logged message is present in the output + assertTrue("Message was not found in log message", logMessage.contains(message)); + // Verify that the message has the right principal value + assertTrue("Message contains the [mng: prefix", logMessage.contains("[mng:guest(" + IP + ")")); } } diff --git a/qpid/java/systests/src/main/java/org/apache/qpid/management/jmx/ManagementActorLoggingTest.java b/qpid/java/systests/src/main/java/org/apache/qpid/management/jmx/ManagementActorLoggingTest.java index 19657ef396..2864d8e994 100644 --- a/qpid/java/systests/src/main/java/org/apache/qpid/management/jmx/ManagementActorLoggingTest.java +++ b/qpid/java/systests/src/main/java/org/apache/qpid/management/jmx/ManagementActorLoggingTest.java @@ -68,61 +68,6 @@ public class ManagementActorLoggingTest extends AbstractTestLogging /** * Description: - * When a JMX Management connection is made then this will be logged out. - * - * Input: - * - * 1. Running Broker - * 2. Connect Management client via JMX - * Output: - * - * <date> MNG-1007 : Open <user> - * - * Validation Steps: - * 1. The MNG ID is correct - * 2. The user is correct - * - * On connection close a MNG-1008 is expected - * - * * <date> MNG-1008 : Close - * - * Validation Steps: - * 1. The MNG ID is correct - * - * @throws java.io.IOException - if there is a problem reseting the log monitor - */ - public void testJMXManagementConsoleConnection() throws IOException - { - List<String> results = waitAndFindMatches("MNG-1007"); - - assertEquals("Unexpected Management Connection count", 1, results.size()); - - String log = getLogMessage(results, 0); - - validateMessageID("MNG-1007", log); - - assertTrue("User not in log message:" + log, log.endsWith(USER)); - // Extract the id from the log string - // MESSAGE [mng:1(rmi://169.24.29.116)] MNG-1007 : Open : User admin - int connectionID = Integer.parseInt(fromActor(getLog(results.get(0))).charAt(4) + ""); - - results = findMatches("MNG-1008"); - - assertEquals("Unexpected Management Connection close count", 0, results.size()); - - _jmxUtils.close(); - _closed = true; - - results = waitAndFindMatches("MNG-1008"); - - assertEquals("Unexpected Management Connection count", 1, results.size()); - - assertEquals("Close does not have same id as open,", connectionID, - Integer.parseInt(fromActor(getLog(results.get(0))).charAt(4) + "")); - } - - /** - * Description: * When a connected client has its connection closed via the Management Console this will be logged as a CON-1002 message. * Input: * |