[
https://issues.apache.org/jira/browse/ZOOKEEPER-4648?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Beibei Zhao updated ZOOKEEPER-4648:
-----------------------------------
Description:
FinalRequestProcessor addAuditLog before the process of request and make
failedTxn=false. But I think failedTxn should be true if the request can not
pass the checkACL and throw KeeperException or other exceptions, since the err
code after request processing is also important for audit.
{code:java}
@param failedTxn whether audit is being done failed transaction for normal
transaction
public void processRequest(Request request) {
......
Code err = Code.OK;
try {
......
AuditHelper.addAuditLog(request, rc);
switch (request.type) {
......
case OpCode.getAllChildrenNumber: {
lastOp = "GETACN";
......
zks.checkACL(
request.cnxn,
zks.getZKDatabase().aclForNode(n),
ZooDefs.Perms.READ,
request.authInfo,
path,
null);
......
break;
}
......
}
} catch (SessionMovedException e) {
......
} catch (KeeperException e) {
err = e.code();
} catch (Exception e) {
......
}
{code}
if we add audit log after the process of request like below, the log info maybe
more accurate.
{code:java}
Code err = Code.OK;
try {
......
} catch (SessionMovedException e) {
......
} catch (KeeperException e) {
err = e.code();
} catch (Exception e) {
......
}
if (err == Code.OK) {
AuditHelper.addAuditLog(request, rc, false);
} else {
AuditHelper.addAuditLog(request, rc, true);
}
{code}
was:
FinalRequestProcessor addAuditLog before the process of request and make
failedTxn=false, but I think failedTxn should be true if the request can not
pass the checkACL and throw KeeperException.
{code:java}
@param failedTxn whether audit is being done failed transaction for normal
transaction
public void processRequest(Request request) {
......
Code err = Code.OK;
try {
......
AuditHelper.addAuditLog(request, rc);
switch (request.type) {
......
case OpCode.getAllChildrenNumber: {
lastOp = "GETACN";
......
zks.checkACL(
request.cnxn,
zks.getZKDatabase().aclForNode(n),
ZooDefs.Perms.READ,
request.authInfo,
path,
null);
......
break;
}
......
}
} catch (SessionMovedException e) {
......
} catch (KeeperException e) {
err = e.code();
} catch (Exception e) {
......
}
{code}
if we add audit log after the process of request like below, the log info maybe
more accurate.
{code:java}
Code err = Code.OK;
try {
......
} catch (SessionMovedException e) {
......
} catch (KeeperException e) {
err = e.code();
} catch (Exception e) {
......
}
if (err == Code.OK) {
AuditHelper.addAuditLog(request, rc, false);
} else {
AuditHelper.addAuditLog(request, rc, true);
}
{code}
> FinalRequestProcessor addAuditLog after the process of request maybe better.
> ----------------------------------------------------------------------------
>
> Key: ZOOKEEPER-4648
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4648
> Project: ZooKeeper
> Issue Type: Bug
> Reporter: Beibei Zhao
> Priority: Major
>
> FinalRequestProcessor addAuditLog before the process of request and make
> failedTxn=false. But I think failedTxn should be true if the request can not
> pass the checkACL and throw KeeperException or other exceptions, since the
> err code after request processing is also important for audit.
> {code:java}
> @param failedTxn whether audit is being done failed transaction for normal
> transaction
> public void processRequest(Request request) {
> ......
> Code err = Code.OK;
> try {
> ......
> AuditHelper.addAuditLog(request, rc);
> switch (request.type) {
> ......
> case OpCode.getAllChildrenNumber: {
> lastOp = "GETACN";
> ......
> zks.checkACL(
> request.cnxn,
> zks.getZKDatabase().aclForNode(n),
> ZooDefs.Perms.READ,
> request.authInfo,
> path,
> null);
> ......
> break;
> }
> ......
> }
> } catch (SessionMovedException e) {
> ......
> } catch (KeeperException e) {
> err = e.code();
> } catch (Exception e) {
> ......
> }
> {code}
> if we add audit log after the process of request like below, the log info
> maybe more accurate.
> {code:java}
> Code err = Code.OK;
> try {
> ......
> } catch (SessionMovedException e) {
> ......
> } catch (KeeperException e) {
> err = e.code();
> } catch (Exception e) {
> ......
> }
> if (err == Code.OK) {
> AuditHelper.addAuditLog(request, rc, false);
> } else {
> AuditHelper.addAuditLog(request, rc, true);
> }
> {code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
