[ https://issues.apache.org/jira/browse/KNOX-465?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14193595#comment-14193595 ]
ASF subversion and git services commented on KNOX-465:
------------------------------------------------------

Commit 868e5715e4a3fe21c08cedfd58ba5cd67ff65fe1 in knox's branch refs/heads/master from [~kevin.minder]
[ https://git-wip-us.apache.org/repos/asf?p=knox.git;h=868e571 ]

KNOX-465: Initial audit record can contain leftover principal name

> Initial audit record can contain leftover principal name
> --------------------------------------------------------
>
>                 Key: KNOX-465
>                 URL: https://issues.apache.org/jira/browse/KNOX-465
>             Project: Apache Knox
>          Issue Type: Bug
>          Components: Server
>   Affects Versions: 0.4.0
>            Reporter: Kevin Minder
>            Assignee: Kevin Minder
>            Priority: Critical
>             Fix For: 0.6.0
>
>
> The log fragment below illustrates the case in the second group where 'sam' is logged as the user prior to authentication having occurred.
> {code}
> 14/11/01 17:02:15 ||055eedda-3a2e-4207-9a58-f5317c224397|audit|WEBHDFS|sam|||access|uri|/gateway/sandbox/webhdfs/v1/?op=GETHOMEDIRECTORY|unavailable|
> 14/11/01 17:02:15 ||055eedda-3a2e-4207-9a58-f5317c224397|audit|WEBHDFS|sam|||access|uri|/gateway/sandbox/webhdfs/v1/?op=GETHOMEDIRECTORY|success|Response status: 401
> ...
> 14/11/01 17:03:38 ||ebc09492-dd96-4795-a55f-aad1d3526973|audit|WEBHDFS|sam|||access|uri|/gateway/sandbox/webhdfs/v1/?op=GETHOMEDIRECTORY|unavailable|
> 14/11/01 17:03:38 ||ebc09492-dd96-4795-a55f-aad1d3526973|audit|WEBHDFS|tom|||authentication|uri|/gateway/sandbox/webhdfs/v1/?op=GETHOMEDIRECTORY|success|
> 14/11/01 17:03:38 ||ebc09492-dd96-4795-a55f-aad1d3526973|audit|WEBHDFS|tom|||dispatch|uri|http://localhost:50070/webhdfs/v1/?user.name=tom&op=GETHOMEDIRECTORY|success|Response status: 200
> 14/11/01 17:03:38 ||ebc09492-dd96-4795-a55f-aad1d3526973|audit|WEBHDFS|tom|||access|uri|/gateway/sandbox/webhdfs/v1/?op=GETHOMEDIRECTORY|success|Response status: 200
> {code}
> Due to thread pooling in the container this is difficult to reproduce but using these three curl commands in various combinations will eventually do so.
> {code}
> curl -i -k -u tom:tom-password -X GET 'https://localhost:8443/gateway/sandbox/webhdfs/v1/?op=GETHOMEDIRECTORY'
> curl -i -k -u sam:sam-password -X GET 'https://localhost:8443/gateway/sandbox/webhdfs/v1/?op=GETHOMEDIRECTORY'
> curl -i -k -u sam:wrong-password -X GET 'https://localhost:8443/gateway/sandbox/webhdfs/v1/?op=GETHOMEDIRECTORY'
> {code}

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
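
An added example, not part of the JIRA message or of Knox itself: a check that scans audit records in the format quoted above and reports every request whose initial record already names a principal, alongside the principal that later authenticated under the same request id. The field positions and the reading of an `unavailable` outcome as the initial record are assumptions inferred from the quoted log lines, and `find_preauth_principals` is a hypothetical name.

```python
# Audit lines copied from the issue's log fragment, with wrapped lines rejoined.
SAMPLE = """\
14/11/01 17:02:15 ||055eedda-3a2e-4207-9a58-f5317c224397|audit|WEBHDFS|sam|||access|uri|/gateway/sandbox/webhdfs/v1/?op=GETHOMEDIRECTORY|unavailable|
14/11/01 17:02:15 ||055eedda-3a2e-4207-9a58-f5317c224397|audit|WEBHDFS|sam|||access|uri|/gateway/sandbox/webhdfs/v1/?op=GETHOMEDIRECTORY|success|Response status: 401
14/11/01 17:03:38 ||ebc09492-dd96-4795-a55f-aad1d3526973|audit|WEBHDFS|sam|||access|uri|/gateway/sandbox/webhdfs/v1/?op=GETHOMEDIRECTORY|unavailable|
14/11/01 17:03:38 ||ebc09492-dd96-4795-a55f-aad1d3526973|audit|WEBHDFS|tom|||authentication|uri|/gateway/sandbox/webhdfs/v1/?op=GETHOMEDIRECTORY|success|
14/11/01 17:03:38 ||ebc09492-dd96-4795-a55f-aad1d3526973|audit|WEBHDFS|tom|||dispatch|uri|http://localhost:50070/webhdfs/v1/?user.name=tom&op=GETHOMEDIRECTORY|success|Response status: 200
14/11/01 17:03:38 ||ebc09492-dd96-4795-a55f-aad1d3526973|audit|WEBHDFS|tom|||access|uri|/gateway/sandbox/webhdfs/v1/?op=GETHOMEDIRECTORY|success|Response status: 200
"""

# Pipe-separated field positions, inferred from the sample lines
# (an assumption, not taken from Knox documentation).
REQUEST_ID, CATEGORY, USER, ACTION, OUTCOME = 2, 3, 5, 8, 11


def find_preauth_principals(log_text):
    """Return (request_id, initial_user, authenticated_user) for each request
    whose initial record (outcome 'unavailable') already carries a user name.
    authenticated_user is None when no authentication success was logged."""
    initial = {}        # request id -> user named in the initial record
    authenticated = {}  # request id -> user from the authentication record
    for line in log_text.splitlines():
        fields = line.split("|")
        if len(fields) <= OUTCOME or fields[CATEGORY] != "audit":
            continue  # not an audit record in the expected layout
        rid, user = fields[REQUEST_ID], fields[USER]
        action, outcome = fields[ACTION], fields[OUTCOME]
        if outcome == "unavailable" and user:
            # No authentication has run yet, so any name here is stale.
            initial.setdefault(rid, user)
        elif action == "authentication" and outcome == "success":
            authenticated[rid] = user
    return [(rid, user, authenticated.get(rid)) for rid, user in initial.items()]


if __name__ == "__main__":
    for rid, stale, real in find_preauth_principals(SAMPLE):
        print(f"{rid}: initial record names {stale!r}, authenticated as {real!r}")
```

A finding whose two names differ, as in the second group, is the case where the audit trail attributes the start of one user's request to another user.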