Closed Botje closed 1 year ago
I think this issue can and should be fixed in the broker itself. We don't want to impose this requirement on plugin implementations. There are likely other tools like Prometheus which require an HTTP endpoint to scrape which will hit the same issue. If we can solve it in the broker then every plugin doesn't have to solve the problem itself.
Thank you for the swift reply. ~Is there a ticket in Jira I can follow or should I create a new one?~ Logged as ARTEMIS-4420.
ActiveMQ Artemis supports audit logs, which log all administrative actions that happen on the broker. These logs identify the "current user" for an administrative access by one of two methods:

- `Subject` associated with the current security manager context, or
- `ThreadLocal<Subject>`, which is set by JolokiaFilter as part of interaction with the admin console.

For a non-Artemis servlet such as the metrics plugin, this `ThreadLocal` is set to whatever `Subject` made the previous request on this thread. This leads to situations where metric accesses are logged as being done by ghost users.

This PR explicitly supplies an empty `Subject` for the scraping action.

To reproduce the issue:

- `logger.audit_base` should be at `INFO` level)
- `curl http://localhost:8161/metrics/`.

After applying this patch, notice that the audit logs are for anonymous@127.0.0.1.
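
The stale-`ThreadLocal` attribution described in this PR can be modelled in a few lines. This is an added example, not code from the PR or from Artemis: `StaleSubjectDemo`, `CURRENT`, `auditUser` and the request methods are hypothetical names, a single-thread executor stands in for the servlet container's pooled worker thread, and clearing the value after the scrape is an assumption about how an empty `Subject` could be supplied.

```java
import java.security.Principal;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import javax.security.auth.Subject;

public class StaleSubjectDemo {
    // Hypothetical stand-in for the per-thread Subject the audit logger consults.
    static final ThreadLocal<Subject> CURRENT = new ThreadLocal<>();

    // Name the audit line would carry; "anonymous" when no principal is present.
    static String auditUser() {
        Subject s = CURRENT.get();
        if (s == null || s.getPrincipals().isEmpty()) return "anonymous";
        return s.getPrincipals().iterator().next().getName();
    }

    // Models the console filter: sets the Subject and never clears it.
    static String consoleRequest(String user) {
        Subject s = new Subject();
        s.getPrincipals().add((Principal) () -> user);
        CURRENT.set(s);
        return auditUser();
    }

    // Models a non-Artemis servlet: it inherits whatever the thread last held.
    static String metricsScrape() {
        return auditUser();
    }

    // Mitigation: pin an empty Subject for the scrape, then clear the slot.
    static String metricsScrapeWithEmptySubject() {
        CURRENT.set(new Subject());
        try {
            return auditUser();
        } finally {
            CURRENT.remove();
        }
    }

    public static void main(String[] args) throws Exception {
        // One worker thread, so consecutive requests share it like a servlet pool.
        ExecutorService pool = Executors.newSingleThreadExecutor();
        System.out.println("console:          " + pool.submit(() -> consoleRequest("admin")).get());
        System.out.println("unpatched scrape: " + pool.submit(() -> metricsScrape()).get());
        System.out.println("patched scrape:   " + pool.submit(() -> metricsScrapeWithEmptySubject()).get());
        pool.shutdown();
    }
}
```

When reviewing audit logs from an unpatched broker, entries for metrics access that carry a console user's name are a sign of this thread reuse rather than of that user's activity.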