[
https://issues.apache.org/jira/browse/ARTEMIS-899?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15805846#comment-15805846
]
Justin Bertram edited comment on ARTEMIS-899 at 1/6/17 11:02 PM:
-----------------------------------------------------------------
I just sent a PR and here's what I changed:
* Log a security exception at {{WARN}} instead of {{ERROR}}
* Updated relevant JAAS login modules to include username (or equivalent) in
case of authn failure. This information is logged at {{DEBUG}} level by
{{org.apache.activemq.artemis.spi.core.security.ActiveMQJAASSecurityManager}}.
To be clear, once I got into the implementation it made more sense for the
failure information to come from the login module itself but for the logging to
be done at a central place (i.e. the security manager). Also, I decided to log
the failure details at {{DEBUG}} level because some might view that as more
sensitive and not want it active by default.
was (Author: jbertram):
I just sent a PR and here's what I changed:
* Log a security exception at {{WARN}} instead of {{ERROR}}
* Updated relevant JAAS login modules to include username (or equivalent) in
case of authn failure. This information is logged at {{DEBUG}} level by
{{org.apache.activemq.artemis.spi.core.security.ActiveMQJAASSecurityManager}}.
> On user authentication a stack trace is logged to the error channel
> -------------------------------------------------------------------
>
> Key: ARTEMIS-899
> URL: https://issues.apache.org/jira/browse/ARTEMIS-899
> Project: ActiveMQ Artemis
> Issue Type: Bug
> Affects Versions: 1.5.1
> Reporter: Mike Hearn
> Assignee: Justin Bertram
>
> When a user fails to authenticate, this probably justifies a WARNING but not
> a full stack trace to the ERROR logger:
> E 16:05:33 39 server.handleCreateSession - AMQ224018: Failed to create session
> org.apache.activemq.artemis.api.core.ActiveMQSecurityException: AMQ119031:
> Unable to validate user
> at
> org.apache.activemq.artemis.core.security.impl.SecurityStoreImpl.authenticate(SecurityStoreImpl.java:145)
> ~[artemis-server-1.4.0.jar:1.4.0]
> at
> org.apache.activemq.artemis.core.server.impl.ActiveMQServerImpl.createSession(ActiveMQServerImpl.java:1208)
> ~[artemis-server-1.4.0.jar:1.4.0]
> at
> org.apache.activemq.artemis.core.protocol.core.impl.ActiveMQPacketHandler.handleCreateSession(ActiveMQPacketHandler.java:154)
> [artemis-server-1.4.0.jar:1.4.0]
> at
> org.apache.activemq.artemis.core.protocol.core.impl.ActiveMQPacketHandler.handlePacket(ActiveMQPacketHandler.java:80)
> [artemis-server-1.4.0.jar:1.4.0]
> at
> org.apache.activemq.artemis.core.protocol.core.impl.ChannelImpl.handlePacket(ChannelImpl.java:633)
> [artemis-core-client-1.4.0.jar:1.4.0]
> at
> org.apache.activemq.artemis.core.protocol.core.impl.RemotingConnectionImpl.doBufferReceived(RemotingConnectionImpl.java:376)
> [artemis-core-client-1.4.0.jar:1.4.0]
> at
> org.apache.activemq.artemis.core.protocol.core.impl.RemotingConnectionImpl.bufferReceived(RemotingConnectionImpl.java:358)
> [artemis-core-client-1.4.0.jar:1.4.0]
> at
> org.apache.activemq.artemis.core.remoting.server.impl.RemotingServiceImpl$DelegatingBufferHandler.bufferReceived(RemotingServiceImpl.java:631)
> [artemis-server-1.4.0.jar:1.4.0]
> at
> org.apache.activemq.artemis.core.remoting.impl.netty.ActiveMQChannelHandler.channelRead(ActiveMQChannelHandler.java:68)
> [artemis-core-client-1.4.0.jar:1.4.0]
> at
> io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:366)
> [netty-all-4.0.39.Final.jar:4.0.39.Final]
> at
> io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:352)
> [netty-all-4.0.39.Final.jar:4.0.39.Final]
> at
> io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:345)
> [netty-all-4.0.39.Final.jar:4.0.39.Final]
> at
> io.netty.handler.codec.ByteToMessageDecoder.fireChannelRead(ByteToMessageDecoder.java:293)
> [netty-all-4.0.39.Final.jar:4.0.39.Final]
> at
> io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:267)
> [netty-all-4.0.39.Final.jar:4.0.39.Final]
> at
> io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:366)
> [netty-all-4.0.39.Final.jar:4.0.39.Final]
> at
> io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:352)
> [netty-all-4.0.39.Final.jar:4.0.39.Final]
> at
> io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:345)
> [netty-all-4.0.39.Final.jar:4.0.39.Final]
> at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1066)
> [netty-all-4.0.39.Final.jar:4.0.39.Final]
> at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:900)
> [netty-all-4.0.39.Final.jar:4.0.39.Final]
> at
> io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:411)
> [netty-all-4.0.39.Final.jar:4.0.39.Final]
> at
> io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:248)
> [netty-all-4.0.39.Final.jar:4.0.39.Final]
> at
> io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:366)
> [netty-all-4.0.39.Final.jar:4.0.39.Final]
> at
> io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:352)
> [netty-all-4.0.39.Final.jar:4.0.39.Final]
> at
> io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:345)
> [netty-all-4.0.39.Final.jar:4.0.39.Final]
> at
> io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1294)
> [netty-all-4.0.39.Final.jar:4.0.39.Final]
> at
> io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:366)
> [netty-all-4.0.39.Final.jar:4.0.39.Final]
> at
> io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:352)
> [netty-all-4.0.39.Final.jar:4.0.39.Final]
> at
> io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:911)
> [netty-all-4.0.39.Final.jar:4.0.39.Final]
> at
> io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:131)
> [netty-all-4.0.39.Final.jar:4.0.39.Final]
> at
> io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:572)
> [netty-all-4.0.39.Final.jar:4.0.39.Final]
> at
> io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:513)
> [netty-all-4.0.39.Final.jar:4.0.39.Final]
> at
> io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:427)
> [netty-all-4.0.39.Final.jar:4.0.39.Final]
> at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:399)
> [netty-all-4.0.39.Final.jar:4.0.39.Final]
> at
> io.netty.util.concurrent.SingleThreadEventExecutor$2.run(SingleThreadEventExecutor.java:140)
> [netty-all-4.0.39.Final.jar:4.0.39.Final]
> at java.lang.Thread.run(Thread.java:745) [?:1.8.0_102]
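The split described in the comment above (the login module supplies the failure detail, one central place logs it) can be sketched as follows. This is an added example, not code from the Artemis PR: DemoLoginModule, the logger name, the user "alice" and its password are constructed, and java.util.logging's FINE level stands in for DEBUG.

```java
import java.util.*;
import java.util.logging.Logger;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

public class AuthFailureLogging {
    static final Logger LOG = Logger.getLogger("demo.security"); // hypothetical logger name
    // Hypothetical module, constructed one-user store: a failure names the user, never the password.
    public static class DemoLoginModule implements LoginModule {
        private CallbackHandler handler;
        public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) { handler = h; }
        public boolean login() throws LoginException {
            NameCallback name = new NameCallback("user");
            PasswordCallback pass = new PasswordCallback("password", false);
            try { handler.handle(new Callback[] {name, pass}); }
            catch (Exception e) { throw new LoginException("callback failed"); }
            if (!("alice".equals(name.getName()) && Arrays.equals("constructed-pw".toCharArray(), pass.getPassword())))
                throw new FailedLoginException("Password does not match for user: " + name.getName());
            return true;
        }
        public boolean commit() { return true; }
        public boolean abort() { return true; }
        public boolean logout() { return true; }
    }

    // Central logging point, the role the comment assigns to the security manager.
    static boolean authenticate(String user, char[] password) {
        Configuration cfg = new Configuration() {
            public AppConfigurationEntry[] getAppConfigurationEntry(String n) {
                return new AppConfigurationEntry[] { new AppConfigurationEntry(DemoLoginModule.class.getName(),
                        AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, Collections.emptyMap()) };
            }
        };
        CallbackHandler cb = callbacks -> { // the module asks for the name first, then the password
            ((NameCallback) callbacks[0]).setName(user);
            ((PasswordCallback) callbacks[1]).setPassword(password);
        };
        try { new LoginContext("demo", null, cb, cfg).login(); return true; }
        catch (LoginException e) {
            // Detail only at FINE (off by default); CR/LF replaced because the name is client-supplied.
            LOG.fine("Login failed: " + String.valueOf(e.getMessage()).replaceAll("[\\r\\n]", "_"));
            LOG.warning("Unable to validate user"); // single line, no stack trace
            return false;
        }
    }
    public static void main(String[] args) {
        System.out.println(authenticate("alice", "constructed-pw".toCharArray()) + " "
                + authenticate("mallory\nforged line", "guess".toCharArray()));
    }
}
```

With the default java.util.logging configuration only the WARNING line appears for the failed attempt; the username shows up once the logger and its handler are set to FINE.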