Rao,
For the last item, you can filter log messages. e.g.
<!-- DEBUG Created seed map='{username=[loginname]}' for
uid='loginname' -->
<AsyncLogger
name="org.apereo.services.persondir.support.CachingPersonAttributeDaoImpl"
level="warn" includeLocation="true">
<RegexFilter regex="Created seed map=.*" onMismatch="DENY" />
</AsyncLogger>
See https://logging.apache.org/log4j/log4j-2.2/manual/filters.html
Ray
On Mon, 2019-01-07 at 17:06 -0800, Mr Rao wrote:
Hi,
When I debug PolicyBasedAuthenticationManager.authenticateInternal I did
noticed three authentication handlers.
1) My Custom AuthenticationHandler
2 ) ClientAuthenticationHandler
3 ) HttpBasedServiceCredentialsAuthenticationHandler
I'm only using my customer handler and ClientAuthenticationHandler. I do not
see #3. How do I turn off HttpBasedServiceCredentialsAuthenticationHandler
completely? I'm worried that hackers can send HttpClientCredential to get
access to the system.
Also I did notice that PolicyBasedAuthenticationManager has log.error when we
enter bad password which I also want suppress this logging.
Thanks
Rao
--
Ray Bon
Programmer analyst
Development Services, University Systems
2507218831 | CLE 019 | [email protected]
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/1546966420.5350.20.camel%40uvic.ca.
