Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-11800

Simple String in Elytron rotating-file-audit-log.suffix attribute causes wrong audit file name

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Major
    • 7.1.0.ER2
    • 7.1.0.ER1
    • Security
    • None
    • Hide

      1) Add some user to application server:

      ./add-user.sh -u admin -p pass@123

      2) Use Elytron authentication to http management interface:

      <http-interface http-authentication-factory="management-http-authentication">
    <http-upgrade enabled="true" sasl-authentication-factory="management-sasl-authentication"/>
    <socket-binding http="management-http"/>
</http-interface>

      3) Add rotating-file-audit-log and enable it for ManagementDomain 

      /subsystem=elytron/rotating-file-audit-log=rotating:add(path=audit.log,format=SIMPLE,max-backup-index=5,rotate-on-boot=false,rotate-size=5,suffix="'someText'",synchronized=true,relative-to=jboss.server.log.dir)
/subsystem=elytron/security-domain=ManagementDomain:write-attribute(name=security-event-listener,value=rotating)
reload

      4) Try access management console more times (you can use correct or incorrect user and password) and you will see file with name like "audit.lognull.1" in EAP_HOME/standalone/log, correct name should be "audit.logsomeText.1"

      Show
      1) Add some user to application server: ./add-user.sh -u admin -p pass@123 2) Use Elytron authentication to http management interface: <http- interface http-authentication-factory= "management-http-authentication" > <http-upgrade enabled= " true " sasl-authentication-factory= "management-sasl-authentication" /> <socket-binding http= "management-http" /> </http- interface > 3) Add rotating-file-audit-log and enable it for ManagementDomain /subsystem=elytron/rotating-file-audit-log=rotating:add(path=audit.log,format=SIMPLE,max-backup-index=5,rotate-on-boot= false ,rotate-size=5,suffix= " 'someText' " , synchronized = true ,relative-to=jboss.server.log.dir) /subsystem=elytron/security-domain=ManagementDomain:write-attribute(name=security-event-listener,value=rotating) reload 4) Try access management console more times (you can use correct or incorrect user and password) and you will see file with name like "audit.lognull.1" in EAP_HOME/standalone/log, correct name should be "audit.logsomeText.1"

    Description

      suffix attribute of Elytron rotating-file-audit-log uses java.text.SimpleDateFormat format [1]. It means that 'someText' can be used as value of suffix attribute. However in case when only this string (without any pattern letters) is used in suffix, then resulting audit file name includes suffix "null" instead of defined suffix "someText". In case when suffix includes also pattern letters (e.g. d'someText') then it works correctly.

      [1] https://docs.oracle.com/javase/8/docs/api/java/text/SimpleDateFormat.html

      Attachments

        Issue Links

          is cloned by

          Bug - A problem that impairs or prevents the functions of the product. ELY-1266 Simple String in Elytron rotating-file-audit-log.suffix attribute causes wrong audit file name

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Resolved

          Activity

            People

              thofman Tomas Hofman
              olukas Ondrej Lukas (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: