diff options
| author | Bjørn Christian Seime <bjorncs@oath.com> | 2018-02-22 19:17:46 +0100 |
|---|---|---|
| committer | Bjørn Christian Seime <bjorncs@oath.com> | 2018-02-22 19:17:46 +0100 |
| commit | f8267c035600942c5ecd6c88f339956cf6b7c399 (patch) | |
| tree | 7c3bdaad50e36d1c43a5a13377cce0180d7c2c1c /controller-server | |
| parent | e6f71f85c5d2fe7acbecc141b6ff9fc0f3b4528b (diff) | |
Log all authorization failures
Diffstat (limited to 'controller-server')
| -rw-r--r-- | controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/ControllerAuthorizationFilter.java | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/ControllerAuthorizationFilter.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/ControllerAuthorizationFilter.java index 0e703cf4cec..5be7fe03319 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/ControllerAuthorizationFilter.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/ControllerAuthorizationFilter.java @@ -8,6 +8,7 @@ import com.yahoo.jdisc.handler.ResponseHandler; import com.yahoo.jdisc.http.HttpRequest.Method; import com.yahoo.jdisc.http.filter.DiscFilterRequest; import com.yahoo.jdisc.http.filter.SecurityRequestFilter; +import com.yahoo.log.LogLevel; import com.yahoo.vespa.athenz.api.AthenzDomain; import com.yahoo.vespa.athenz.api.AthenzIdentity; import com.yahoo.vespa.athenz.api.AthenzPrincipal; @@ -30,6 +31,7 @@ import javax.ws.rs.WebApplicationException; import java.util.Arrays; import java.util.List; import java.util.Optional; +import java.util.logging.Logger; import static com.yahoo.jdisc.http.HttpRequest.Method.GET; import static com.yahoo.jdisc.http.HttpRequest.Method.HEAD; @@ -49,6 +51,8 @@ public class ControllerAuthorizationFilter implements SecurityRequestFilter { private static final List<Method> WHITELISTED_METHODS = Arrays.asList(GET, OPTIONS, HEAD); + private static final Logger log = Logger.getLogger(ControllerAuthorizationFilter.class.getName()); + private final AthenzClientFactory clientFactory; private final Controller controller; private final EntityService entityService; @@ -261,7 +265,10 @@ public class ControllerAuthorizationFilter implements SecurityRequestFilter { public void handle(ResponseHandler responseHandler, DiscFilterRequest request, WebApplicationException exception) { - sendErrorResponse(responseHandler, exception.getResponse().getStatus(), exception.getMessage()); + int statusCode = exception.getResponse().getStatus(); + String errorMessage = exception.getMessage(); + log.log(LogLevel.WARNING, String.format("Access denied(%d): %s", statusCode, errorMessage), exception); + sendErrorResponse(responseHandler, statusCode, errorMessage); } } |