On 19-Aug-2011, at 9:35 PM, forums_at_java.net wrote:
> > Will file an issue for 3.1.2 tracking.
>
> Great, Kumar! Please post the issue id here.
Fixed in 3.1.2. as well. : 17209
> > Right now i have made it a FINE log that prints the entire trace and the
> WARNING will be a single line.
>
> Absolutely a step in the Right Direction. But should a login error really be
> considered a *server* problem at all?
Its not but there has to be an INFO or Warning Log in the server. It has been a WARNING for a long time.
>
> > What you are suggesting can be done using a Custom Audit Module where all
> authentication and authorization events are audited.
>
> Sounds promising. Would that totally eliminate the log entry in server.log?
No it won't, it is in addition to what would be in server.log. This is incase you want to collect all security related events in a separate security.log.
> Any pointers to howtos on this would be much appreciated.
http://glassfish.java.net/docs/#allinone
Look for the section on Audit Modules and Custom Audit modules in the Security Guide.
>
> Cheers!
>
>
>
>
> --
>
> [Message sent by forum member 'tmpsa']
>
> View Post: http://forums.java.net/node/834556
>
>