Improve user authorization #1944

Merged
merged 7 commits into from Mar 18, 2016

bernd commented Mar 17, 2016

  • Fix user name in authorization error log messages and add HTTP verb and path to ease debugging.
  • Do not log a stack trace on authorization error.
  • Disable annoying AbstractValidatingSessionManager INFO warnings in log4j2 config.
  • Fix HTTP status code for authorization errors. (return 403 instead of 401)

@bernd bernd added this to the 2.0.0 milestone Mar 17, 2016

@edmundoa edmundoa self-assigned this Mar 17, 2016

annotationHandler.assertAuthorized(annotation);
} catch (AuthorizationException e) {
LOG.info("User " + subject + "not authorized.", e);
throw new NotAuthorizedException(e, "Basic realm=\"Graylog Server\"");
final String msg = String.format(Locale.US, "User [%s] not authorized. (%s %s)", userName,
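Review bot: On the new String.format line, the values placed into msg (userName and, per the description, the HTTP verb and path behind `(%s %s)`) include request-controlled data and are formatted as-is, so if msg is written to LOG as the removed LOG.info line was, a value containing CR or LF could split one entry into what looks like several log lines. Consider stripping or escaping control characters in those values before formatting, or confirm that the log4j2 layout encodes them. The line is cut off after userName, so the remaining arguments cannot be checked here.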

edmundoa Mar 18, 2016

Just wondering: why do we need to use String.format for this?

bernd Mar 18, 2016

I just wanted to avoid using + to concatenate lots of strings. 😉

edmundoa commented Mar 18, 2016

LGTM 👍

edmundoa added a commit that referenced this pull request Mar 18, 2016

@edmundoa edmundoa merged commit e4f1b51 into master Mar 18, 2016

4 checks passed

ci-server-integration Jenkins build graylog2-server-integration-pr 746 has succeeded
ci-web-linter Jenkins build graylog-pr-linter-check 236 has succeeded
continuous-integration/travis-ci/pr The Travis CI build passed
continuous-integration/travis-ci/push The Travis CI build passed

@edmundoa edmundoa deleted the improve-user-authentication branch Mar 18, 2016
