I was under the impression that this error is thrown when someone just accesses the link https://localhost:9443/carbon/ without providing credentials, which is not supposed to happen. He should be redirected to the login page automatically without any error.
Thanks,
Thilina

On Mon, Mar 19, 2012 at 5:28 PM, Kasun Gajasinghe <[email protected]> wrote:

> On Mon, Mar 19, 2012 at 5:25 PM, Amila Jayasekara <[email protected]> wrote:
> > On Mon, Mar 19, 2012 at 5:07 PM, Kasun Gajasinghe <[email protected]> wrote:
> >> On Mon, Mar 19, 2012 at 4:54 PM, Amila Jayasekara <[email protected]> wrote:
> >>>
> >>> The error log is originating from AxisEngine. In which AxisEngine
> >>> prints the AxisFault as an error. I also agree with Kasun that we
> >>> should not show this exception trace to user. Shall we change the log
> >>> level of log message to "debug" rather than "error"?
> >>
> >> Yes, this is "giving too much information", (a phrase I learned
> >> in Java Colombo!) :), well the information is inaccurate too. Yes, it's
> >> good if this can be converted to debug level. But, is it ok to reveal
> >> this detail even at debug level?
> >
> > Hi Kasun,
> >
> > These are server side logs and we rely on these logs for auditing
> > purposes. We expect these logs will not be compromised and no one will
> > change. Therefore having more information in logs will not create any
> > security hole. But the information is redundant. I fixed the issue by
> > adding an AxisFault type. In AxisEngine it has the following check,
> >
> > catch (AxisFault e) {
> >     // log the fault only if it is not an application level fault.
> >     if (e.getFaultType() != Constants.APPLICATION_FAULT) {
> >         log.error(e.getMessage(), e);
> >     }
> >     ...
> >
> > So setting axis fault type to Constants.APPLICATION_FAULT, solved the
> > issue.
>
> Yes, I understand. This fix looks neat.
>
> > Please take a svn up core/org.wso2.carbon.server.admin and
> > check whether issue is resolved.
>
> Thanks, will do.
>
> --KasunG
>
> >
> > Thanks
> > AmilaJ.
> >
> >>
> >>> > When an unauthenticated user tries to access https://localhost:9443/carbon/,
> >>> > it gets redirected to https://localhost:9443/carbon/admin/login.jsp.
> >>> >
> >>> > So in your case, does this error occur during this redirection?
> >>
> >> Hi Thilina,
> >>
> >> This redirection happens too. But this stack trace gets printed in the
> >> server log. No effect on the functionality AFAIS.
> >>
> >> Thanks,
> >> --KasunG
> >>
> >>> >
> >>> > Thanks,
> >>> > Thilina
> >>> >
> >>> > On Mon, Mar 19, 2012 at 3:44 PM, Kasun Gajasinghe <[email protected]> wrote:
> >>> >>
> >>> >> Hi,
> >>> >> In the current trunk pack, when AppServer is started, and opened the link
> >>> >> provided for management console URL (https://localhost:9443/carbon/), an
> >>> >> exception gets thrown saying "org.apache.axis2.AxisFault: Access Denied.
> >>> >> Authentication failed - Invalid password provided." The full stack trace is
> >>> >> at [1]. This error is thrown every time someone loaded the management console
> >>> >> before logging in.
> >>> >>
> >>> >> As far as I noticed, there isn't any exception thrown in the released
> >>> >> versions (I checked greg-4.1.1), only the WARNing message. I think this
> >>> >> should be fixed because this gives a wrong idea to the user that the
> >>> >> password s/he provided was wrong!
> >>> >>
> >>> >> Thanks,
> >>> >> --KasunG
> >>> >>
> >>> >> [1]
> >>> >> [2012-03-19 15:38:14,839] WARN {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil} - Failed Administrator login attempt 'admin[0]' at [2012-03-19 15:38:14,0839] from IP address 10.100.3.137
> >>> >> [2012-03-19 15:38:14,841] ERROR {org.apache.axis2.engine.AxisEngine} - Access Denied. Authentication failed - Invalid password provided.
> >>> >> org.apache.axis2.AxisFault: Access Denied. Authentication failed - Invalid password provided.
> >>> >>     at org.wso2.carbon.server.admin.module.handler.AuthenticationHandler.authenticate(AuthenticationHandler.java:94)
> >>> >>     at org.wso2.carbon.server.admin.module.handler.AuthenticationHandler.invoke(AuthenticationHandler.java:53)
> >>> >>     at org.apache.axis2.engine.Phase.invokeHandler(Phase.java:340)
> >>> >>     at org.apache.axis2.engine.Phase.invoke(Phase.java:313)
> >>> >>     at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:262)
> >>> >>     at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:168)
> >>> >>     at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:172)
> >>> >>     at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:146)
> >>> >>     at org.wso2.carbon.core.transports.CarbonServlet.doPost(CarbonServlet.java:205)
> >>> >>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:641)
> >>> >>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
> >>> >>     at org.eclipse.equinox.http.servlet.internal.ServletRegistration.handleRequest(ServletRegistration.java:90)
> >>> >>     at org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:111)
> >>> >>     at org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:67)
> >>> >>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
> >>> >>     at org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.service(DelegationServlet.java:46)
> >>> >>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
> >>> >>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
> >>> >>     at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:224)
> >>> >>     at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:169)
> >>> >>     at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
> >>> >>     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
> >>> >>     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
> >>> >>     at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:54)
> >>> >>     at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:155)
> >>> >>     at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927)
> >>> >>     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
> >>> >>     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
> >>> >>     at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:987)
> >>> >>     at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:579)
> >>> >>     at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1600)
> >>> >>     at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
> >>> >>     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
> >>> >>     at java.lang.Thread.run(Thread.java:662)
> >>> >>
> >>> >> --
> >>> >> Kasun Gajasinghe
> >>> >> Software Engineer; WSO2 Inc.; http://wso2.com
> >>> >> email: kasung AT spamfree wso2.com cell: +94 (77) 678-0813
> >>> >> linked-in: http://lk.linkedin.com/in/gajasinghe
> >>> >> blog: http://blog.kasunbg.org
> >>> >> twitter: http://twitter.com/kasunbg
> >>> >
> >>> > --
> >>> > Thilina Buddhika
> >>> > Associate Technical Lead
> >>> > WSO2 Inc. ; http://wso2.com
> >>> > lean . enterprise . middleware
> >>> >
> >>> > phone : +94 77 44 88 727
> >>> > blog : http://blog.thilinamb.com
> >>> >
> >>> > _______________________________________________
> >>> > Dev mailing list
> >>> > [email protected]
> >>> > http://wso2.org/cgi-bin/mailman/listinfo/dev
> >>>
> >>> --
> >>> Mobile : +94773330538
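
The thread treats the WARN line from CarbonAuthenticationUtil as the audit record and the AxisEngine ERROR with its stack trace as redundant. The following is an added example, not part of the original thread or of WSO2's code, that parses logs in the quoted format, counts failed logins per source address from the WARN records only, and picks out the duplicate ERROR records. The sample log is constructed, and reading the `[0]` suffix as a tenant id is an assumption.

```python
import re
from collections import Counter
from datetime import datetime

# Record header as quoted in the thread: [timestamp] LEVEL {logger} - message
HEADER = re.compile(r"^\[(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3})\]\s+(\w+)\s+\{([^}]+)\}\s+-\s+(.*)$")
# Audit message from CarbonAuthenticationUtil; the [n] suffix is assumed to be a tenant id.
FAILED = re.compile(r"Failed Administrator login attempt '([^'\[]+)\[(-?\d+)\]' .* from IP address (\S+)$")

# Constructed sample modelled on the lines in the thread (documentation IP range).
SAMPLE = """\
[2012-03-19 15:38:14,839] WARN {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil} - Failed Administrator login attempt 'admin[0]' at [2012-03-19 15:38:14,0839] from IP address 192.0.2.10
[2012-03-19 15:38:14,841] ERROR {org.apache.axis2.engine.AxisEngine} - Access Denied. Authentication failed - Invalid password provided.
org.apache.axis2.AxisFault: Access Denied. Authentication failed - Invalid password provided.
\tat org.wso2.carbon.server.admin.module.handler.AuthenticationHandler.authenticate(AuthenticationHandler.java:94)
[2012-03-19 15:40:02,101] WARN {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil} - Failed Administrator login attempt 'admin[0]' at [2012-03-19 15:40:02,0101] from IP address 192.0.2.10
[2012-03-19 15:41:30,500] WARN {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil} - Failed Administrator login attempt 'root[0]' at [2012-03-19 15:41:30,0500] from IP address 192.0.2.77
"""

def parse(text):
    """Group lines into records; lines without a header (stack frames) attach to the previous record."""
    records = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S,%f")
            records.append({"ts": ts, "level": m.group(2), "logger": m.group(3),
                            "msg": m.group(4), "trace": []})
        elif records and line.strip():
            records[-1]["trace"].append(line.strip())
    return records

def failed_logins(records):
    """Return (timestamp, user, tenant, ip) for every audit WARN, ignoring the ERROR duplicates."""
    out = []
    for r in records:
        m = FAILED.search(r["msg"]) if r["level"] == "WARN" else None
        if m:
            out.append((r["ts"], m.group(1), int(m.group(2)), m.group(3)))
    return out

def redundant_errors(records, window_s=1.0):
    """AxisEngine ERROR records that follow an audit WARN within window_s seconds."""
    warns = [r["ts"] for r in records if r["level"] == "WARN" and FAILED.search(r["msg"])]
    return [r for r in records if r["level"] == "ERROR" and r["logger"].endswith("AxisEngine")
            and any(0 <= (r["ts"] - w).total_seconds() <= window_s for w in warns)]

def attempts_by_ip(records):
    return Counter(ip for _, _, _, ip in failed_logins(records))
```

Counting from the WARN records alone gives the same totals whether or not the ERROR duplicates are still being written, so the count is unaffected by the fault-type change discussed above.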
