[
https://issues.apache.org/jira/browse/ZOOKEEPER-4648?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Beibei Zhao updated ZOOKEEPER-4648:
-----------------------------------
Description:
FinalRequestProcessor addAuditLog before the process of request and make
failedTxn=false. But I think failedTxn should be true if the request can not
pass the checkACL and throw KeeperException or other exceptions, since the err
code after request processing is also important for audit.
{code:java}
@param failedTxn whether audit is being done failed transaction for normal
transaction
public void processRequest(Request request) {
......
Code err = Code.OK;
try {
......
AuditHelper.addAuditLog(request, rc);
switch (request.type) {
......
case OpCode.getAllChildrenNumber: {
lastOp = "GETACN";
......
zks.checkACL(
request.cnxn,
zks.getZKDatabase().aclForNode(n),
ZooDefs.Perms.READ,
request.authInfo,
path,
null);
......
break;
}
......
}
} catch (SessionMovedException e) {
......
} catch (KeeperException e) {
err = e.code();
} catch (Exception e) {
......
}
{code}
if the failedTxn == true or the rc.err != Code.OK, the log result will be
FAILURE:
{code:java}
private static Result getResult(ProcessTxnResult rc, boolean failedTxn) {
if (failedTxn) {
return Result.FAILURE;
} else {
return rc.err == KeeperException.Code.OK.intValue() ?
Result.SUCCESS : Result.FAILURE;
}
}
{code}
So we could add audit log after request processing and record the err code like
below, the log info maybe more accurate.
was:
FinalRequestProcessor addAuditLog before the process of request and make
failedTxn=false. But I think failedTxn should be true if the request can not
pass the checkACL and throw KeeperException or other exceptions, since the err
code after request processing is also important for audit.
{code:java}
@param failedTxn whether audit is being done failed transaction for normal
transaction
public void processRequest(Request request) {
......
Code err = Code.OK;
try {
......
AuditHelper.addAuditLog(request, rc);
switch (request.type) {
......
case OpCode.getAllChildrenNumber: {
lastOp = "GETACN";
......
zks.checkACL(
request.cnxn,
zks.getZKDatabase().aclForNode(n),
ZooDefs.Perms.READ,
request.authInfo,
path,
null);
......
break;
}
......
}
} catch (SessionMovedException e) {
......
} catch (KeeperException e) {
err = e.code();
} catch (Exception e) {
......
}
{code}
if we add audit log after the process of request like below, the log info maybe
more accurate.
{code:java}
Code err = Code.OK;
try {
......
} catch (SessionMovedException e) {
......
} catch (KeeperException e) {
err = e.code();
} catch (Exception e) {
......
}
if (err == Code.OK) {
AuditHelper.addAuditLog(request, rc, false);
} else {
AuditHelper.addAuditLog(request, rc, true);
}
{code}
> FinalRequestProcessor addAuditLog after the process of request maybe better.
> ----------------------------------------------------------------------------
>
> Key: ZOOKEEPER-4648
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4648
> Project: ZooKeeper
> Issue Type: Bug
> Reporter: Beibei Zhao
> Priority: Major
> Labels: pull-request-available
> Time Spent: 10m
> Remaining Estimate: 0h
>
> FinalRequestProcessor addAuditLog before the process of request and make
> failedTxn=false. But I think failedTxn should be true if the request can not
> pass the checkACL and throw KeeperException or other exceptions, since the
> err code after request processing is also important for audit.
> {code:java}
> @param failedTxn whether audit is being done failed transaction for normal
> transaction
> public void processRequest(Request request) {
> ......
> Code err = Code.OK;
> try {
> ......
> AuditHelper.addAuditLog(request, rc);
> switch (request.type) {
> ......
> case OpCode.getAllChildrenNumber: {
> lastOp = "GETACN";
> ......
> zks.checkACL(
> request.cnxn,
> zks.getZKDatabase().aclForNode(n),
> ZooDefs.Perms.READ,
> request.authInfo,
> path,
> null);
> ......
> break;
> }
> ......
> }
> } catch (SessionMovedException e) {
> ......
> } catch (KeeperException e) {
> err = e.code();
> } catch (Exception e) {
> ......
> }
> {code}
> if the failedTxn == true or the rc.err != Code.OK, the log result will be
> FAILURE:
> {code:java}
> private static Result getResult(ProcessTxnResult rc, boolean failedTxn) {
> if (failedTxn) {
> return Result.FAILURE;
> } else {
> return rc.err == KeeperException.Code.OK.intValue() ?
> Result.SUCCESS : Result.FAILURE;
> }
> }
> {code}
> So we could add audit log after request processing and record the err code
> like below, the log info maybe more accurate.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
