Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-4255

add trace logging to the security constraint processing in wildfly/undertow

    XMLWordPrintable

    Details

    • Target Release:
    • Affects:
      Release Notes
    • Release Notes Docs Status:
      Documented as Known Issue
    • Sprint:
      EAP 7.0.1

      Description

      Add trace logging to the security constraint processing in wildfly/undertow.

      Tomcat/JBossWeb logs the following:

      11:32:09,709 DEBUG [org.apache.catalina.authenticator] (http-/127.0.0.1:8080-1) Security checking request GET /SimpleWar/Hello
      11:32:09,709 DEBUG [org.apache.catalina.realm] (http-/127.0.0.1:8080-1) Checking constraint 'SecurityConstraint[Secure Content]' against GET /Hello --> true
      11:32:09,709 DEBUG [org.apache.catalina.realm] (http-/127.0.0.1:8080-1) Checking constraint 'SecurityConstraint[Secure Content]' against GET /Hello --> true
      11:32:09,709 DEBUG [org.apache.catalina.authenticator] (http-/127.0.0.1:8080-1) Calling hasUserDataPermission()
      11:32:09,709 DEBUG [org.apache.catalina.realm] (http-/127.0.0.1:8080-1) User data constraint has no restrictions
      11:32:09,710 DEBUG [org.apache.catalina.authenticator] (http-/127.0.0.1:8080-1) Calling authenticate()

      ...
      ...

      11:32:09,727 DEBUG [org.apache.catalina.authenticator] (http-/127.0.0.1:8080-1) Authenticated 'admin' with type 'BASIC'
      11:32:09,727 DEBUG [org.apache.catalina.authenticator] (http-/127.0.0.1:8080-1) Calling accessControl()
      11:32:09,727 DEBUG [org.apache.catalina.realm] (http-/127.0.0.1:8080-1) Checking roles GenericPrincipal[admin(JBossAdmin,manager,)]
      11:32:09,727 DEBUG [org.apache.catalina.realm] (http-/127.0.0.1:8080-1) JBWEB000017: User [admin] has role [JBossAdmin]
      11:32:09,727 DEBUG [org.apache.catalina.realm] (http-/127.0.0.1:8080-1) Role found: JBossAdmin
      11:32:09,727 DEBUG [org.apache.catalina.authenticator] (http-/127.0.0.1:8080-1) Successfully passed all security constraints

      This helps us (support) determine if the user is authenticated, what role is required for a specific resource.

      This is going to be very difficult to support if we do not have this type of information.

        Gliffy Diagrams

          Attachments

            Issue Links

            causes

            Sub-task - The sub-task of the issue JBEAP-4453 Document JBEAP-3998 for RN

            • Major - A request that should be considered seriously but is not a show stopper.
            • Closed
            cloned to

            Bug - A problem which impairs or prevents the functions of the product. UNDERTOW-692 add trace logging to the security constraint processing in wildfly/undertow

            • Critical - An upcoming version that is affected by this issue cannot be released until it's addressed. A critical bug is one that crashes the application, causes loss of data or severe memory leak.
            • Resolved
            is incorporated by

            Component Upgrade - A task tracking an update to a bundled component JBEAP-4586 Upgrade Undertow to 1.3.22.Final

            • Major - A request that should be considered seriously but is not a show stopper.
            • Closed
            is related to

            Bug - A problem which impairs or prevents the functions of the product. JBEAP-4927 (7.0.z) Provide username in trace logging for sec constraint during logout

            • Major - A request that should be considered seriously but is not a show stopper.
            • Verified

              Activity

                People

                • Assignee:
                  iweiss Ingo Weiss
                  Reporter:
                  dehort Derek Horton
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  8 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: