Posted to issues@geode.apache.org by "Alberto Bustamante Reyes (Jira)" <ji...@apache.org> on 2019/09/10 13:12:00 UTC

[jira] [Commented] (GEODE-3911) Authentication failures produce exception stacktraces in log files.

    [ https://issues.apache.org/jira/browse/GEODE-3911?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16926624#comment-16926624 ] 

Alberto Bustamante Reyes commented on GEODE-3911:
-------------------------------------------------

The code which is adding the stacktrace to the logs is not part of Geode; it's from Apache Shiro, in the "AbstractAuthenticator" class, "authenticate" method:

{code}
String msg = "Authentication failed for token submission [" + token + "].  Possible unexpected " +
        "error? (Typical or expected login exceptions should extend from AuthenticationException).";
ae = new AuthenticationException(msg, t);
if (log.isWarnEnabled())
    log.warn(msg, t);
{code}


 

> Authentication failures produce exception stacktraces in log files.
> -------------------------------------------------------------------
>
>                 Key: GEODE-3911
>                 URL: https://issues.apache.org/jira/browse/GEODE-3911
>             Project: Geode
>          Issue Type: Bug
>          Components: pulse, security
>            Reporter: Jens Deppe
>            Priority: Major
>              Labels: starter
>
> When running pulse along with the `SimpleSecurityManager` I notice quite a few authentication failure stacktraces like:
> {noformat}
> [warning 2017/10/26 07:14:27.773 PDT locator1 <RMI TCP Connection(9)-10.118.33.247> tid=0x7d] Authentication failed for token submission [org.apache.geode.internal.security.shiro.GeodeAuthenticationToken - cluster,data, rememberMe=false].  Possible unexpected error? (Typical or expected login exceptions should extend from AuthenticationException).
> org.apache.geode.security.AuthenticationFailedException: invalid username/password
>         at org.apache.geode.examples.SimpleSecurityManager.authenticate(SimpleSecurityManager.java:41)
>         at org.apache.geode.internal.security.shiro.CustomAuthRealm.doGetAuthenticationInfo(CustomAuthRealm.java:52)
>         at org.apache.shiro.realm.AuthenticatingRealm.getAuthenticationInfo(AuthenticatingRealm.java:568)
>         at org.apache.shiro.authc.pam.ModularRealmAuthenticator.doSingleRealmAuthentication(ModularRealmAuthenticator.java:180)
>         at org.apache.shiro.authc.pam.ModularRealmAuthenticator.doAuthenticate(ModularRealmAuthenticator.java:267)
>         at org.apache.shiro.authc.AbstractAuthenticator.authenticate(AbstractAuthenticator.java:198)
>         at org.apache.shiro.mgt.AuthenticatingSecurityManager.authenticate(AuthenticatingSecurityManager.java:106)
>         at org.apache.shiro.mgt.DefaultSecurityManager.login(DefaultSecurityManager.java:270)
>         at org.apache.shiro.subject.support.DelegatingSubject.login(DelegatingSubject.java:256)
>         at org.apache.geode.internal.security.IntegratedSecurityService.login(IntegratedSecurityService.java:139)
>         at org.apache.geode.internal.security.shiro.JMXShiroAuthenticator.authenticate(JMXShiroAuthenticator.java:60)
>         at javax.management.remote.rmi.RMIServerImpl.doNewClient(RMIServerImpl.java:232)
>         at javax.management.remote.rmi.RMIServerImpl.newClient(RMIServerImpl.java:199)
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>         at java.lang.reflect.Method.invoke(Method.java:498)
>         at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:346)
>         at sun.rmi.transport.Transport$1.run(Transport.java:200)
>         at sun.rmi.transport.Transport$1.run(Transport.java:197)
>         at java.security.AccessController.doPrivileged(Native Method)
>         at sun.rmi.transport.Transport.serviceCall(Transport.java:196)
>         at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:568)
>         at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run0(TCPTransport.java:826)
>         at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.lambda$run$0(TCPTransport.java:683)
>         at java.security.AccessController.doPrivileged(Native Method)
>         at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:682)
>         at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>         at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>         at java.lang.Thread.run(Thread.java:745)
> {noformat}
> We shouldn't need to dump these out, but just log a message.
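
The branch quoted in the comment, reproduced as an added example that is not part of the original message and is not Shiro or Geode code. The exception classes, the `Realm` interface, the `warnings` list and the credentials are hypothetical stand-ins; the adapter shows one way (an assumption, not the project's fix) to keep a rejected login on the path that logs no stack trace.

```java
import java.util.ArrayList;
import java.util.List;

public class AuthLogDemo {
    // Hypothetical stand-ins for the two exception types seen in the log excerpt.
    static class AuthenticationException extends RuntimeException {
        AuthenticationException(String m, Throwable cause) { super(m, cause); }
    }
    static class AuthenticationFailedException extends RuntimeException { // NOT a subclass of the above
        AuthenticationFailedException(String m) { super(m); }
    }
    interface Realm { void check(String user, String pass); }

    // Captured in a list instead of a real logger so the effect is easy to inspect.
    static final List<String> warnings = new ArrayList<>();

    // Same decision as the quoted snippet: only throwables outside the expected
    // hierarchy are wrapped and logged at warn level together with their stack trace.
    static void authenticate(Realm realm, String user, String pass) {
        try {
            realm.check(user, pass);
        } catch (Throwable t) {
            if (t instanceof AuthenticationException) {
                throw (AuthenticationException) t; // expected failure: rethrown, nothing logged here
            }
            String msg = "Authentication failed for token submission [" + user
                    + "].  Possible unexpected error?";
            warnings.add(msg + " <stack trace of " + t.getClass().getSimpleName() + ">");
            throw new AuthenticationException(msg, t);
        }
    }

    public static void main(String[] args) {
        // Constructed input: a realm that rejects every login with the foreign exception type.
        Realm raw = (u, p) -> { throw new AuthenticationFailedException("invalid username/password"); };
        // Adapter that translates the foreign exception at the realm boundary.
        Realm translated = (u, p) -> {
            try { raw.check(u, p); }
            catch (AuthenticationFailedException e) { throw new AuthenticationException(e.getMessage(), null); }
        };
        for (Realm r : List.of(raw, translated)) {
            try { authenticate(r, "cluster", "wrong"); }
            catch (AuthenticationException e) { /* login is rejected in both cases */ }
        }
        // Only the untranslated realm adds an entry to the warnings list.
        System.out.println("warn entries with stack trace: " + warnings.size());
    }
}
```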


