Thanks, Ray. If I set the log level to warn I will lose the errors. Basically I was referring to the code below, which doesn't need to be log.error.

    protected AuthenticationBuilder authenticateInternal(final AuthenticationTransaction transaction) throws AuthenticationException {
        final Collection<Credential> credentials = transaction.getCredentials();
        final AuthenticationBuilder builder = new DefaultAuthenticationBuilder(NullPrincipal.getInstance());
        credentials.stream().forEach(cred -> builder.addCredential(new BasicCredentialMetaData(cred)));

        final Set<AuthenticationHandler> handlerSet = getAuthenticationHandlersForThisTransaction(transaction);
        Assert.notNull(handlerSet, "Resolved authentication handlers for this transaction cannot be null");
        if (handlerSet.isEmpty()) {
            LOGGER.warn("Resolved authentication handlers for this transaction are empty");
        }

        final boolean success = credentials
            .stream()
            .anyMatch(credential -> {
                final boolean isSatisfied = handlerSet
                    .stream()
                    .filter(handler -> handler.supports(credential))
                    .anyMatch(handler -> {
                        try {
                            final PrincipalResolver resolver = getPrincipalResolverLinkedToHandlerIfAny(handler, transaction);
                            authenticateAndResolvePrincipal(builder, credential, resolver, handler);
                            final Pair<Boolean, Set<Throwable>> failures = evaluateAuthenticationPolicies(builder.build());
                            return failures.getKey();
                        } catch (final Exception e) {
                            handleAuthenticationException(e, handler.getName(), builder);
                        }
                        return false;
                    });

                if (!isSatisfied) {
                    LOGGER.error("Authentication has failed. Credentials may be incorrect or CAS cannot "
                        + "find authentication handler that supports [{}] of type [{}]. Examine the configuration to "
                        + "ensure a method of authentication is defined and analyze CAS logs at DEBUG level to trace "
                        + "the authentication event.", credential, credential.getClass().getSimpleName());
                }
                return isSatisfied;
            });

        if (!success) {
            evaluateFinalAuthentication(builder, transaction);
        }
        return builder;
    }

Anyone have ideas about #1 above?
When I looked at the code in CasCoreAuthenticationHandlersConfiguration I see that HttpBasedServiceCredentialsAuthenticationHandler is only created here, and it's not a conditional bean either, to override it?

    @Bean
    public AuthenticationHandler proxyAuthenticationHandler() {
        return new HttpBasedServiceCredentialsAuthenticationHandler(null, servicesManager,
            proxyPrincipalFactory(), Integer.MIN_VALUE, supportsTrustStoreSslSocketFactoryHttpClient);
    }

Thanks

On Tuesday, January 8, 2019 at 8:53:47 AM UTC-8, rbon wrote:
>
> Rao,
>
> For the last item, you can filter log messages. e.g.
>
>     <!-- DEBUG Created seed map='{username=[loginname]}' for uid='loginname' -->
>     <AsyncLogger name="org.apereo.services.persondir.support.CachingPersonAttributeDaoImpl" level="warn" includeLocation="true">
>         <RegexFilter regex="Created seed map=.*" onMismatch="DENY" />
>     </AsyncLogger>
>
> See https://logging.apache.org/log4j/log4j-2.2/manual/filters.html
>
> Ray
>
> On Mon, 2019-01-07 at 17:06 -0800, Mr Rao wrote:
>
> Hi,
>
> When I debug PolicyBasedAuthenticationManager.authenticateInternal I did notice three authentication handlers.
> 1) My Custom AuthenticationHandler
> 2) ClientAuthenticationHandler
> 3) HttpBasedServiceCredentialsAuthenticationHandler
>
> I'm only using my custom handler and ClientAuthenticationHandler. I do not see #3. How do I turn off HttpBasedServiceCredentialsAuthenticationHandler completely? I'm worried that hackers can send HttpClientCredential to get access to the system.
>
> Also I did notice that PolicyBasedAuthenticationManager has log.error when we enter a bad password; I also want to suppress this logging.
>
> Thanks
> Rao
>
> --
> Ray Bon
> Programmer analyst
> Development Services, University Systems
> 2507218831 | CLE 019 | rb...@uvic.ca
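
The message filtering suggested in this thread, applied to the authentication-failure message quoted from authenticateInternal, as an added example that is not part of the original posts or of the CAS project's own configuration. It assumes the logger is named after the fully qualified class name, with the package taken to be org.apereo.cas.authentication, and that the fragment sits in the Loggers section of the deployment's log4j2.xml.

```xml
<!-- Added example: constructed fragment, not taken from the thread. -->
<!-- Assumption: logger name = fully qualified class name of
     PolicyBasedAuthenticationManager (package assumed). -->
<AsyncLogger name="org.apereo.cas.authentication.PolicyBasedAuthenticationManager"
             level="warn" includeLocation="true">
    <!-- RegexFilter tests the formatted message with a full match, so the
         pattern ends in .* to cover the credential details that follow.
         onMatch="DENY" drops only this one message.
         onMismatch="NEUTRAL" lets every other WARN and ERROR event from
         this class continue to the appenders, so real errors are kept. -->
    <RegexFilter regex="Authentication has failed\. Credentials may be incorrect.*"
                 onMatch="DENY" onMismatch="NEUTRAL" />
</AsyncLogger>
```

Before denying this message, confirm that failed logins are still recorded somewhere else (for example an audit trail), since this line is otherwise a signal for detecting password guessing.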