
KAFKA-16214: add client info in authentication error log

Open showuon opened this issue 1 year ago • 1 comments

When client authentication fails, the server logs only the client IP address. The IP address sometimes cannot represent a specific user, especially if there is a proxy between client and server. Ex:

INFO [SocketServer listenerType=ZK_BROKER, nodeId=0] Failed authentication with /127.0.0.1 (channelId=127.0.0.1:9093-127.0.0.1:53223-5) (Authentication failed: Invalid username or password) (org.apache.kafka.common.network.Selector)

If many failed authentication logs appear on the server, it'd be better to identify who is triggering them soon. Adding the client info to the log is a good start. This PR adds the user info to the log, if any. After this PR, the log will look like this:

INFO [SocketServer listenerType=ZK_BROKER, nodeId=0] Failed authentication with /127.0.0.1 (channelId=127.0.0.1:9093-127.0.0.1:54700-0) (Authentication failed: Invalid username or password for user {abc}) (org.apache.kafka.common.network.Selector)

I tried to add the info on the caller side (i.e. Selector), but we only have KafkaChannel info there; we cannot get client info (i.e. principal) if authentication is not successful. So I add the user info on the authenticator side.

Committer Checklist (excluded from commit message)

  • [ ] Verify design and implementation
  • [ ] Verify test coverage and CI build status
  • [ ] Verify documentation (including upgrade notes)

showuon, Jan 29 '24 12:01
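
As an added example (not part of the PR or of Kafka's code), the Python sketch below parses both log formats quoted in the description and counts failed authentications per user, which the IP-only format cannot support when clients share a proxy address. The function names, the threshold and the sample lines are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Matches the broker line quoted in the PR description, with or without the user suffix.
FAILED_AUTH = re.compile(
    r"Failed authentication with /(?P<ip>\S+) \(channelId=(?P<channel>[^)]*)\) "
    r"\(Authentication failed: (?P<reason>.*)\) "
    r"\(org\.apache\.kafka\.common\.network\.Selector\)\s*$"
)
USER_SUFFIX = re.compile(r" for user \{(?P<user>.*)\}$")

def parse_failed_auth(line):
    """Return {'ip', 'user'} for a failed-authentication line, else None."""
    m = FAILED_AUTH.search(line)
    if m is None:
        return None
    u = USER_SUFFIX.search(m.group("reason"))
    # The user name is client-supplied: escape control/non-ASCII characters before reporting.
    user = u.group("user").encode("unicode_escape").decode("ascii") if u else None
    return {"ip": m.group("ip"), "user": user}

def summarize(lines, threshold=3):
    """Count failures per user; flag users at or above threshold with their source IPs."""
    per_user, ips_by_user, unattributed = Counter(), defaultdict(set), 0
    for line in lines:
        event = parse_failed_auth(line)
        if event is None:
            continue  # not a failed-authentication line
        if event["user"] is None:
            unattributed += 1  # old format: only the IP is known
            continue
        per_user[event["user"]] += 1
        ips_by_user[event["user"]].add(event["ip"])
    flagged = {u: sorted(ips_by_user[u]) for u, n in per_user.items() if n >= threshold}
    return per_user, flagged, unattributed

# Constructed sample input (not real broker output); 192.0.2.10 stands in for a proxy.
_LINE = ("INFO [SocketServer listenerType=ZK_BROKER, nodeId=0] Failed authentication with /{ip} "
         "(channelId=127.0.0.1:9093-{ip}:{port}-0) (Authentication failed: "
         "Invalid username or password{suffix}) (org.apache.kafka.common.network.Selector)")
SAMPLE = [
    _LINE.format(ip="127.0.0.1", port=53223, suffix=""),
    *[_LINE.format(ip="192.0.2.10", port=54700 + i, suffix=" for user {abc}") for i in range(3)],
    _LINE.format(ip="192.0.2.10", port=54703, suffix=" for user {svc-billing}"),
    "INFO unrelated line (constructed)",
]
if __name__ == "__main__": print(summarize(SAMPLE))
```

Lines in the old format fall into the unattributed count, so the share of failures that can be tied to a user is visible alongside the per-user totals.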

@ijuma @mimaison , please take a look when available. Thanks.

showuon, Feb 01 '24 12:02

This PR is being marked as stale since it has not had any activity in 90 days. If you would like to keep this PR alive, please ask a committer for review. If the PR has merge conflicts, please update it with the latest from trunk (or appropriate release branch).

If this PR is no longer valid or desired, please feel free to close it. If no activity occurs in the next 30 days, it will be automatically closed.

github-actions[bot], Jun 03 '24 03:06