From f8267c035600942c5ecd6c88f339956cf6b7c399 Mon Sep 17 00:00:00 2001 From: Bjørn Christian Seime Date: Thu, 22 Feb 2018 19:17:46 +0100 Subject: Log all authorization failures --- .../controller/restapi/filter/ControllerAuthorizationFilter.java | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) (limited to 'controller-server') diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/ControllerAuthorizationFilter.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/ControllerAuthorizationFilter.java index 0e703cf4cec..5be7fe03319 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/ControllerAuthorizationFilter.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/ControllerAuthorizationFilter.java @@ -8,6 +8,7 @@ import com.yahoo.jdisc.handler.ResponseHandler; import com.yahoo.jdisc.http.HttpRequest.Method; import com.yahoo.jdisc.http.filter.DiscFilterRequest; import com.yahoo.jdisc.http.filter.SecurityRequestFilter; +import com.yahoo.log.LogLevel; import com.yahoo.vespa.athenz.api.AthenzDomain; import com.yahoo.vespa.athenz.api.AthenzIdentity; import com.yahoo.vespa.athenz.api.AthenzPrincipal; @@ -30,6 +31,7 @@ import javax.ws.rs.WebApplicationException; import java.util.Arrays; import java.util.List; import java.util.Optional; +import java.util.logging.Logger; import static com.yahoo.jdisc.http.HttpRequest.Method.GET; import static com.yahoo.jdisc.http.HttpRequest.Method.HEAD; @@ -49,6 +51,8 @@ public class ControllerAuthorizationFilter implements SecurityRequestFilter { private static final List WHITELISTED_METHODS = Arrays.asList(GET, OPTIONS, HEAD); + private static final Logger log = Logger.getLogger(ControllerAuthorizationFilter.class.getName()); + private final AthenzClientFactory clientFactory; private final Controller controller; private final EntityService entityService; 
@@ -261,7 +265,10 @@ public class ControllerAuthorizationFilter implements SecurityRequestFilter { public void handle(ResponseHandler responseHandler, DiscFilterRequest request, WebApplicationException exception) { - sendErrorResponse(responseHandler, exception.getResponse().getStatus(), exception.getMessage()); + int statusCode = exception.getResponse().getStatus(); + String errorMessage = exception.getMessage(); + log.log(LogLevel.WARNING, String.format("Access denied(%d): %s", statusCode, errorMessage), exception); + sendErrorResponse(responseHandler, statusCode, errorMessage); } } -- cgit v1.2.3
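Review bot: The new warning in `handle` records only the status code and the exception message, so the log entry does not say which caller, method or path was denied even though `request` is in scope; for an authorization-failure log that is what an investigator needs first. I would add it, for example `String.format("Access denied(%d) for %s %s: %s", statusCode, request.getMethod(), request.getRequestURI(), errorMessage)`, plus the principal when one is set. `errorMessage` and the URI may carry client-controlled text (the hunk does not show how the message is built), so CR/LF should be stripped before formatting to keep one event per log line. Passing `exception` attaches a full stack trace to every denied request, which can let unauthenticated traffic inflate the log; consider emitting the trace at a lower level. The handler also labels every `WebApplicationException` status as "Access denied", which may mislead if statuses other than 401/403 can reach it.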