'Re: How to stop logging of webservice authentication failure'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       geronimo-user
Subject:    Re: How to stop logging of webservice authentication failure
From:       Jack Cai <greensight () gmail ! com>
Date:       2009-08-25 7:16:00
Message-ID: 5e7fd1eb0908250016t3d781c0dy29fee8bc0d7d1a7c () mail ! gmail ! com
[Download RAW message or body]

I guess there is nothing you can do here. The exception is never routed to
your code. It looks like a small defect in Jetty's code. You might want to
raise a defect against Jetty.

-Jack

On Sun, Aug 23, 2009 at 8:43 PM, yosemite <kmichek@hotmail.com> wrote:

> 
> Hello all,
> 
> I have a @Stateless acting as @WebService configured in openejb-jar.xml
> like
> 
> <ejb:enterprise-beans>
> <ejb:session>
> <ejb:ejb-name>TimeBean</ejb:ejb-name>
> <ejb:web-service-security>
> 
> <ejb:security-realm-name>MyRealm</ejb:security-realm-name>
> 
> <ejb:transport-guarantee>NONE</ejb:transport-guarantee>
> <ejb:auth-method>BASIC</ejb:auth-method>
> <http-method>POST</http-method>
> <http-method>PUT</http-method>
> </ejb:web-service-security>
> </ejb:session>
> </ejb:enterprise-beans>
> 
> Which works perfect if user credentials passed to webservice are right. But
> if the credentials are wrong (wrong password), it tells the client "The
> server sent HTTP status code 401: Unauthorized" but also logs in
> geronimo.log:
> 
> 2009-08-23 14:16:03,531 WARN  [log] AUTH FAILURE: user tester1
> 2009-08-23 14:16:03,531 WARN  [log] Committed before 403 null
> 2009-08-23 14:16:03,531 ERROR [log] handle failed
> java.lang.IllegalStateException: Committed
> at org.mortbay.jetty.Response.resetBuffer(Response.java:995)
> at org.mortbay.jetty.Response.sendError(Response.java:240)
> at
> org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:521)
> at
> 
> org.mortbay.jetty.HttpConnection$RequestHandler.content(HttpConnection.java:842)
> at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:648)
> at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:211)
> at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:380)
> at
> 
> org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:395)
> at org.apache.geronimo.pool.ThreadPool$1.run(ThreadPool.java:214)
> at
> 
> org.apache.geronimo.pool.ThreadPool$ContextClassLoaderRunnable.run(ThreadPool.java:344)
>  at
> 
> java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
> at
> 
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
> at java.lang.Thread.run(Thread.java:619)
> 
> How to avoid this log, how to handle to IllegalStateException and where,
> please?
> 
> If I use the same realm in the web app, this section in web.xml
> 
> <realm-name>MyRealm</realm-name>
> <form-login-config>
> <form-login-page>/login.jsp</form-login-page>
> <form-error-page>/loginError.jsp</form-error-page>
> </form-login-config>
> </login-config>
> 
> bumps to loginError if password is wrong, and then the log entry is just
> 
> WARN  [log] AUTH FAILURE: user tester1
> 
> (i.e.no IllegalStateException)
> 
> Any help appreciated.
> Karel
> 
> 
> --
> View this message in context:
> http://www.nabble.com/How-to-stop-logging-of-webservice-authentication-failure-tp25102983s134p25102983.html
>  Sent from the Apache Geronimo - Users mailing list archive at Nabble.com.
> 
> 


[Attachment #3 (text/html)]

I guess there is nothing you can do here. The exception is never routed to your code. \
It looks like a small defect in Jetty&#39;s code. You might want to raise a defect \
against Jetty.<br><br>-Jack<br><br><div class="gmail_quote"> On Sun, Aug 23, 2009 at \
8:43 PM, yosemite <span dir="ltr">&lt;<a \
href="mailto:kmichek@hotmail.com">kmichek@hotmail.com</a>&gt;</span> \
wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, \
204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"> <br>
Hello all,<br>
<br>
I have a @Stateless acting as @WebService configured in openejb-jar.xml like<br>
<br>
        &lt;ejb:enterprise-beans&gt;<br>
                &lt;ejb:session&gt;<br>
                        &lt;ejb:ejb-name&gt;TimeBean&lt;/ejb:ejb-name&gt;<br>
                        &lt;ejb:web-service-security&gt;<br>
                                \
                &lt;ejb:security-realm-name&gt;MyRealm&lt;/ejb:security-realm-name&gt;<br>
                
                                \
                &lt;ejb:transport-guarantee&gt;NONE&lt;/ejb:transport-guarantee&gt;<br>
                
                                \
                &lt;ejb:auth-method&gt;BASIC&lt;/ejb:auth-method&gt;<br>
                                &lt;http-method&gt;POST&lt;/http-method&gt;<br>
                                &lt;http-method&gt;PUT&lt;/http-method&gt;<br>
                        &lt;/ejb:web-service-security&gt;<br>
                &lt;/ejb:session&gt;<br>
        &lt;/ejb:enterprise-beans&gt;<br>
<br>
Which works perfect if user credentials passed to webservice are right. But<br>
if the credentials are wrong (wrong password), it tells the client &quot;The<br>
server sent HTTP status code 401: Unauthorized&quot; but also logs in<br>
geronimo.log:<br>
<br>
2009-08-23 14:16:03,531 WARN  [log] AUTH FAILURE: user tester1<br>
2009-08-23 14:16:03,531 WARN  [log] Committed before 403 null<br>
2009-08-23 14:16:03,531 ERROR [log] handle failed<br>
java.lang.IllegalStateException: Committed<br>
        at org.mortbay.jetty.Response.resetBuffer(Response.java:995)<br>
        at org.mortbay.jetty.Response.sendError(Response.java:240)<br>
        at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:521)<br>
  at<br>
org.mortbay.jetty.HttpConnection$RequestHandler.content(HttpConnection.java:842)<br>
        at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:648)<br>
        at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:211)<br>
        at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:380)<br>
        at<br>
org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:395)<br>
        at org.apache.geronimo.pool.ThreadPool$1.run(ThreadPool.java:214)<br>
        at<br>
org.apache.geronimo.pool.ThreadPool$ContextClassLoaderRunnable.run(ThreadPool.java:344)<br>
  at<br>
java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)<br>
  at<br>
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)<br>
        at java.lang.Thread.run(Thread.java:619)<br>
<br>
How to avoid this log, how to handle to IllegalStateException and where,<br>
please?<br>
<br>
If I use the same realm in the web app, this section in web.xml<br>
<br>
    &lt;realm-name&gt;MyRealm&lt;/realm-name&gt;<br>
    &lt;form-login-config&gt;<br>
      &lt;form-login-page&gt;/login.jsp&lt;/form-login-page&gt;<br>
      &lt;form-error-page&gt;/loginError.jsp&lt;/form-error-page&gt;<br>
    &lt;/form-login-config&gt;<br>
  &lt;/login-config&gt;<br>
<br>
bumps to loginError if password is wrong, and then the log entry is just<br>
<br>
WARN  [log] AUTH FAILURE: user tester1<br>
<br>
(<a href="http://i.e.no" target="_blank">i.e.no</a> IllegalStateException)<br>
<br>
Any help appreciated.<br>
Karel<br>
<font color="#888888"><br>
<br>
--<br>
View this message in context: <a \
href="http://www.nabble.com/How-to-stop-logging-of-webservice-authentication-failure-tp25102983s134p25102983.html" \
target="_blank">http://www.nabble.com/How-to-stop-logging-of-webservice-authentication-failure-tp25102983s134p25102983.html</a><br>


Sent from the Apache Geronimo - Users mailing list archive at Nabble.com.<br>
<br>
</font></blockquote></div><br>



[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic