Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Done
Priority: Major
Fix Version/s: None
Affects Version/s: None
Component/s: None
Labels:
None

Description

While explicitly checking the user roles in the ejb code using context.isCallerInRole(String roleName) and when it return false below exception message got printed at the DEBUG level in server.log file.

2017-09-13 21:10:24,549 DEBUG [org.jboss.security] sessionhash="b34cb4c5c50e3eefbe4f924ee42fa658" requestid="33015X1505317224509" username="adm2.lg" src_ip="127.0.0.1" PBOX00326: isCallerInRole processing failed: org.jboss.security.authorization.AuthorizationException: PBOX00017: Acces denied: authorization failed 
    at org.jboss.security.plugins.authorization.JBossAuthorizationContext.invokeAuthorize(JBossAuthorizationContext.java:274)
    at org.jboss.security.plugins.authorization.JBossAuthorizationContext.access$000(JBossAuthorizationContext.java:71)
    at org.jboss.security.plugins.authorization.JBossAuthorizationContext$1.run(JBossAuthorizationContext.java:147)
    at java.security.AccessController.doPrivileged(Native Method)
    at org.jboss.security.plugins.authorization.JBossAuthorizationContext.authorize(JBossAuthorizationContext.java:143)
    at org.jboss.security.plugins.JBossAuthorizationManager.internalAuthorization(JBossAuthorizationManager.java:438)
    at org.jboss.security.plugins.JBossAuthorizationManager.authorize(JBossAuthorizationManager.java:115)
    at org.jboss.security.plugins.javaee.EJBAuthorizationHelper.isCallerInRole(EJBAuthorizationHelper.java:187)
    at org.jboss.as.security.service.SimpleSecurityManager.isCallerInRole(SimpleSecurityManager.java:229)
    at org.jboss.as.ejb3.component.EJBComponent.isCallerInRole(EJBComponent.java:400)
    at org.jboss.as.ejb3.context.EJBContextImpl.isCallerInRole(EJBContextImpl.java:115)

The exception seems to be printed in DEBUG in the below line

 https://github.com/picketbox/picketbox/blob/master/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/javaee/EJBAuthorizationHelper.java#L193

This should not be logged as an exception message may be just a line in DEBUG logs should be enough.

Attachments

Issue Links

clones

JBEAP-13161 [GSS](7.0.z) Remove DEBUG message in server logs while calling isCallerInRole(String roleName) method

Closed

is incorporated by

JBEAP-14261 [GSS](7.1.z) Remove DEBUG message in server logs while calling isCallerInRole(String roleName) method

Closed

Activity

People

Assignee:: Ilia Vassilev

Reporter:: Ilia Vassilev

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 2017/09/29 9:25 AM

Updated:: 2018/02/19 3:53 PM

Resolved:: 2017/11/09 1:36 PM