Uploaded image for project: 'Red Hat Fuse'
  1. Red Hat Fuse
  2. ENTESB-8806

Implement optional java console per user action audit logging for A-MQ and FIS xPaaS images

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Obsolete
    • Icon: Major Major
    • None
    • FIS 2.0, FIS 2.x-GA
    • None
    • None
    • Documentation (Ref Guide, User Guide, etc.), Compatibility/Configuration, User Experience
    • % %

      we need to be able to audit all administrative actions in middleware applications, with each action personally identifiable to a named user.

      When deploying the A-MQ or FIS xPaaS images in OpenShift, the Java Console gives the ability to perform administrative actions on the Java container using JMX. But how can these be fully audited?

      We need to be able to audit every single JMX operation executed, the MBean on which it was operated (i.e. to discover the queue name/topic), the parameters passed to the operation, and the user who performed the action.

      As an example, here are the kinds of actions we need to be able to audit:

      • Creating a queue or topic
      • Pushing a message onto a queue or topic, along with the message content
      • Viewing a message on a queue or topic, with its content/message ID
      • Deleting a message from a queue or topic
      • Publishing a message to a Camel endpoint
      • Modifying a Camel route
      • Purging queues

      Example:

      The auditing capability in OpenShift 3.2.1+ can audit requests to the API, but does not seem to log the actual payloads of messages to the proxy, e.g.:

      I0306 16:44:56.350452 28768 audit.go:113] 2017-03-06T16:44:56.350367731Z AUDIT: id="aa5f30a9-6f9f-47ae-8de6-d111c639a8c2" ip="127.0.0.1" method="POST" user="developer" as="<self>" asgroups="<lookup>" namespace="amq" uri="/api/v1/namespaces/amq/pods/https:broker-amq-2-bjjbz:8778/proxy/jolokia/?maxDepth=7&maxCollectionSize=500&ignoreErrors=true&canonicalNaming=false"

      At the xPaaS image level, the auditing flag in ActiveMQ (-Dorg.apache.activemq.audit=true) cannot determine the user that performed the action, and just logs messages like this:

      INFO | anonymous called org.apache.activemq.broker.jmx.BrokerView.addQueue[bar] at 06-03-2017 16:43:48,289 | Thread-9
      INFO | anonymous called org.apache.activemq.broker.jmx.QueueView.sendTextMessage[{}, Helloworld, userA5m, ****] at 06-03-2017 16:58:16,015 | Thread-9

      As you can see, the user is not identified, and in the case of the second audit message, the queue name (MBean) is not audited either.

      We would like to see full, user-identifiable, auditing capability of all actions performed, including the payload of any request to Jolokia. Without this, we cannot enable Java Console for our end users.

      Thanks

              Unassigned Unassigned
              rhn-support-rkieley Roderick Kieley
              Lukas Lowinger Lukas Lowinger
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

                Created:
                Updated:
                Resolved: