users@glassfish.java.net

Re: Login failures spams server.log

From: Kumar Jayanti <v.b.kumar.jayanti_at_oracle.com>
Date: Fri, 19 Aug 2011 13:10:12 +0530

On 18-Aug-2011, at 5:46 PM, Kumar Jayanti wrote:

> we will fix it soon on the trunk and 3.1.x branch. But if you are on 3.1.1 you will have to wait for 3.1.2.
>
Fixed it on trunk. Will fix in 3.1.2 branch.
>
> On 18-Aug-2011, at 5:34 PM, forums_at_java.net wrote:
>
>> I run Glassfish 3 with a JDBC realm and form-based authentication. It works
>> fine, BUT every time a user mis-types his password, a WARNING message, with a
>> loong traceback, is appended to server.log . That spams server.log, making it
>> hard to find any REAL problems.
>>
>> To begin with, the traceback feels utterly useless, so can I get rid of it?
>> Furhermore, it would be nice to keep track of login failures not in
>> server.log but in some other log.
>>
>> Is there a way to fix this?
>>
>> For your amusement, here follows a sample entry in server.log:
>>
>> [#|2011-08-17T09:11:36.716+0200|WARNING|glassfish3.1|javax.enterprise.system.container.web.com.sun.web.security|_ThreadID=553;_ThreadName=Thread-1;|WEB9102:
>> Web Login Failed:
>> com.sun.enterprise.security.auth.login.common.LoginException: Login failed:
>> Security Exception|#]
>> [#|2011-08-17T09:11:36.718+0200|WARNING|glassfish3.1|javax.enterprise.system.container.web.com.sun.web.security|_ThreadID=553;_ThreadName=Thread-1;|Exception
>> com.sun.enterprise.security.auth.login.common.LoginException: Login failed:
>> Security Exception
>> at
>> com.sun.enterprise.security.auth.login.LoginContextDriver.doPasswordLogin(LoginContextDriver.java:394)
>> at
>> com.sun.enterprise.security.auth.login.LoginContextDriver.login(LoginContextDriver.java:240)
>> at
>> com.sun.enterprise.security.auth.login.LoginContextDriver.login(LoginContextDriver.java:153)
>> at
>> com.sun.web.security.RealmAdapter.authenticate(RealmAdapter.java:483)
>> at
>> com.sun.web.security.RealmAdapter.authenticate(RealmAdapter.java:425)
>> at
>> org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:269)
>> at
>> org.apache.catalina.authenticator.AuthenticatorBase.processSecurityCheck(AuthenticatorBase.java:909)
>> at
>> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:546)
>> at
>> org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:623)
>> at
>> org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:595)
>> at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:98)
>> at
>> com.sun.enterprise.web.PESessionLockingStandardPipeline.invoke(PESessionLockingStandardPipeline.java:91)
>> at
>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:162)
>> at
>> org.apache.catalina.connector.CoyoteAdapter.doService(CoyoteAdapter.java:326)
>> at
>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:227)
>> at
>> com.sun.enterprise.v3.services.impl.ContainerMapper.service(ContainerMapper.java:170)
>> at
>> com.sun.grizzly.http.ProcessorTask.invokeAdapter(ProcessorTask.java:822)
>> at
>> com.sun.grizzly.http.ProcessorTask.doProcess(ProcessorTask.java:719)
>> at com.sun.grizzly.http.ProcessorTask.process(ProcessorTask.java:1013)
>> at
>> com.sun.grizzly.http.DefaultProtocolFilter.execute(DefaultProtocolFilter.java:225)
>> at
>> com.sun.grizzly.DefaultProtocolChain.executeProtocolFilter(DefaultProtocolChain.java:137)
>> at
>> com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:104)
>> at
>> com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:90)
>> at
>> com.sun.grizzly.http.HttpProtocolChain.execute(HttpProtocolChain.java:79)
>> at
>> com.sun.grizzly.ProtocolChainContextTask.doCall(ProtocolChainContextTask.java:54)
>> at
>> com.sun.grizzly.SelectionKeyContextTask.call(SelectionKeyContextTask.java:59)
>> at com.sun.grizzly.ContextTask.run(ContextTask.java:71)
>> at
>> com.sun.grizzly.util.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:532)
>> at
>> com.sun.grizzly.util.AbstractThreadPool$Worker.run(AbstractThreadPool.java:513)
>> at java.lang.Thread.run(Thread.java:662)
>> Caused by: javax.security.auth.login.LoginException: Security Exception
>> at
>> javax.security.auth.login.LoginContext.invoke(LoginContext.java:856)
>> at
>> javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
>> at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
>> at java.security.AccessController.doPrivileged(Native Method)
>> at
>> javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
>> at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
>> at
>> com.sun.enterprise.security.auth.login.LoginContextDriver.doPasswordLogin(LoginContextDriver.java:382)
>> ... 29 more
>> Caused by: java.lang.SecurityException
>> at
>> javax.security.auth.login.LoginContext.invoke(LoginContext.java:857)
>> ... 35 more
>> |#]
>>
>>
>>
>> --
>>
>> [Message sent by forum member 'tmpsa']
>>
>> View Post: http://forums.java.net/node/834556
>>
>>
>