[jira] [Commented] (GEODE-2066) Log UnauthorizedException message at INFO and stack at DEBUG

Kevin Duling (JIRA) Mon, 14 Nov 2016 10:03:24 -0800

    [ 
https://issues.apache.org/jira/browse/GEODE-2066?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15664559#comment-15664559
 ]


Kevin Duling commented on GEODE-2066:
-------------------------------------

We ought to adopt this as a general coding practice.  Usually, one doesn't 
expect to see a stack trace unless debugging is enabled.  Sometimes, it can 
confuse the reader if the message is benign.

> Log UnauthorizedException message at INFO and stack at DEBUG
> ------------------------------------------------------------
>
>                 Key: GEODE-2066
>                 URL: https://issues.apache.org/jira/browse/GEODE-2066
>             Project: Geode
>          Issue Type: Sub-task
>          Components: security
>            Reporter: Jinmei Liao
>
> 1. First, a similar Stack Trace appears at the INFO log-level every time a 
> security violation (e.g. authentication or authorization failure) occurs...
> [info 2016/10/25 21:09:08.339 PDT <RMI TCP Connection(2)-10.99.199.3> 
> tid=0x24] (tid=36 msgId=0) Could not execute "list members".
> org.apache.geode.security.NotAuthorizedException: guest not authorized for 
> CLUSTER:READ
>       at 
> org.apache.geode.internal.security.IntegratedSecurityService.authorize(IntegratedSecurityService.java:303)
>       at 
> org.apache.geode.internal.security.IntegratedSecurityService.authorize(IntegratedSecurityService.java:280)
>       at 
> org.apache.geode.internal.security.IntegratedSecurityService.authorize(IntegratedSecurityService.java:275)
>       at 
> org.apache.geode.internal.security.IntegratedSecurityService.authorize(IntegratedSecurityService.java:217)
>       at 
> org.apache.geode.management.internal.cli.remote.CommandProcessor.executeCommand(CommandProcessor.java:116)
>       at 
> org.apache.geode.management.internal.cli.remote.CommandStatementImpl.process(CommandStatementImpl.java:66)
>       at 
> org.apache.geode.management.internal.cli.remote.MemberCommandService.processCommand(MemberCommandService.java:54)
>       at 
> org.apache.geode.management.internal.beans.MemberMBeanBridge.processCommand(MemberMBeanBridge.java:1690)
>       at 
> org.apache.geode.management.internal.beans.MemberMBean.processCommand(MemberMBean.java:406)
>       at 
> org.apache.geode.management.internal.beans.MemberMBean.processCommand(MemberMBean.java:399)
>       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>       at 
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>       at 
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>       at java.lang.reflect.Method.invoke(Method.java:497)
>       at sun.reflect.misc.Trampoline.invoke(MethodUtil.java:71)
>       at sun.reflect.GeneratedMethodAccessor8.invoke(Unknown Source)
>       at 
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>       at java.lang.reflect.Method.invoke(Method.java:497)
>       at sun.reflect.misc.MethodUtil.invoke(MethodUtil.java:275)
>       at 
> com.sun.jmx.mbeanserver.ConvertingMethod.invokeWithOpenReturn(ConvertingMethod.java:193)
>       at 
> com.sun.jmx.mbeanserver.ConvertingMethod.invokeWithOpenReturn(ConvertingMethod.java:175)
>       at 
> com.sun.jmx.mbeanserver.MXBeanIntrospector.invokeM2(MXBeanIntrospector.java:117)
>       at 
> com.sun.jmx.mbeanserver.MXBeanIntrospector.invokeM2(MXBeanIntrospector.java:54)
>       at 
> com.sun.jmx.mbeanserver.MBeanIntrospector.invokeM(MBeanIntrospector.java:237)
>       at com.sun.jmx.mbeanserver.PerInterface.invoke(PerInterface.java:138)
>       at com.sun.jmx.mbeanserver.MBeanSupport.invoke(MBeanSupport.java:252)
>       at 
> com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:819)
>       at 
> com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(JmxMBeanServer.java:801)
>       at 
> org.apache.geode.management.internal.security.MBeanServerWrapper.invoke(MBeanServerWrapper.java:208)
>       at 
> javax.management.remote.rmi.RMIConnectionImpl.doOperation(RMIConnectionImpl.java:1471)
>       at 
> javax.management.remote.rmi.RMIConnectionImpl.access$300(RMIConnectionImpl.java:76)
>       at 
> javax.management.remote.rmi.RMIConnectionImpl$PrivilegedOperation.run(RMIConnectionImpl.java:1312)
>       at java.security.AccessController.doPrivileged(Native Method)
>       at 
> javax.management.remote.rmi.RMIConnectionImpl.doPrivilegedOperation(RMIConnectionImpl.java:1411)
>       at 
> javax.management.remote.rmi.RMIConnectionImpl.invoke(RMIConnectionImpl.java:832)
>       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>       at 
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>       at 
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>       at java.lang.reflect.Method.invoke(Method.java:497)
>       at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:323)
>       at sun.rmi.transport.Transport$1.run(Transport.java:200)
>       at sun.rmi.transport.Transport$1.run(Transport.java:197)
>       at java.security.AccessController.doPrivileged(Native Method)
>       at sun.rmi.transport.Transport.serviceCall(Transport.java:196)
>       at 
> sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:568)
>       at 
> sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run0(TCPTransport.java:826)
>       at 
> sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.lambda$run$256(TCPTransport.java:683)
>       at java.security.AccessController.doPrivileged(Native Method)
>       at 
> sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:682)
>       at 
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>       at 
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>       at java.lang.Thread.run(Thread.java:745)
> Caused by: org.apache.shiro.authz.UnauthorizedException: Subject does not 
> have permission [CLUSTER:READ]
>       at 
> org.apache.shiro.authz.ModularRealmAuthorizer.checkPermission(ModularRealmAuthorizer.java:334)
>       at 
> org.apache.shiro.mgt.AuthorizingSecurityManager.checkPermission(AuthorizingSecurityManager.java:141)
>       at 
> org.apache.shiro.subject.support.DelegatingSubject.checkPermission(DelegatingSubject.java:210)
>       at 
> org.apache.geode.internal.security.IntegratedSecurityService.authorize(IntegratedSecurityService.java:298)
>       ... 51 more
> It is probably sufficient to log just the security exception "message" at 
> INFO level or higher.  Though, I would not mind seeing a Stack Trace if I 
> explicitly set the log-level to DEBUG/FINE.  Given all the possible 
> concurrent requests from a multitude of application clients/users, the Geode 
> log file is going to fill up with these Stack Traces quite quickly.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Commented] (GEODE-2066) Log UnauthorizedException message at INFO and stack at DEBUG

Reply via email to