PicketBox / SECURITY-978

Remove DEBUG message in server logs while calling isCallerInRole(String roleName) method

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Done
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Labels: None

      Description

      While explicitly checking the user roles in the EJB code using context.isCallerInRole(String roleName), when it returns false the exception message below gets printed at the DEBUG level in the server.log file.

      2017-09-13 21:10:24,549 DEBUG [org.jboss.security] sessionhash="b34cb4c5c50e3eefbe4f924ee42fa658" requestid="33015X1505317224509" username="adm2.lg" src_ip="127.0.0.1" PBOX00326: isCallerInRole processing failed: org.jboss.security.authorization.AuthorizationException: PBOX00017: Acces denied: authorization failed 
          at org.jboss.security.plugins.authorization.JBossAuthorizationContext.invokeAuthorize(JBossAuthorizationContext.java:274)
          at org.jboss.security.plugins.authorization.JBossAuthorizationContext.access$000(JBossAuthorizationContext.java:71)
          at org.jboss.security.plugins.authorization.JBossAuthorizationContext$1.run(JBossAuthorizationContext.java:147)
          at java.security.AccessController.doPrivileged(Native Method)
          at org.jboss.security.plugins.authorization.JBossAuthorizationContext.authorize(JBossAuthorizationContext.java:143)
          at org.jboss.security.plugins.JBossAuthorizationManager.internalAuthorization(JBossAuthorizationManager.java:438)
          at org.jboss.security.plugins.JBossAuthorizationManager.authorize(JBossAuthorizationManager.java:115)
          at org.jboss.security.plugins.javaee.EJBAuthorizationHelper.isCallerInRole(EJBAuthorizationHelper.java:187)
          at org.jboss.as.security.service.SimpleSecurityManager.isCallerInRole(SimpleSecurityManager.java:229)
          at org.jboss.as.ejb3.component.EJBComponent.isCallerInRole(EJBComponent.java:400)
          at org.jboss.as.ejb3.context.EJBContextImpl.isCallerInRole(EJBContextImpl.java:115)
      

      The exception seems to be printed at DEBUG in the line below:

       https://github.com/picketbox/picketbox/blob/master/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/javaee/EJBAuthorizationHelper.java#L193
      

      This should not be logged as an exception message; maybe just a line in the DEBUG logs should be enough.

              People

              Assignee:
              rhn-support-ivassile Ilia Vassilev
              Reporter:
              rhn-support-ivassile Ilia Vassilev
              Votes:
              0
              Watchers:
              2
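The logging change requested in this issue, sketched as an added example; it is not PicketBox code. The class and method names are hypothetical, and java.util.logging stands in for the server's logger (FINE plays the role of DEBUG). A denied role check is an expected `false` result, so the second variant records one line instead of attaching the exception and its stack trace.

```java
import java.util.*;
import java.util.logging.*;

public class RoleCheckLoggingDemo {
    // Hypothetical stand-in for the exception raised when authorization is denied.
    static class AuthorizationException extends Exception {
        AuthorizationException(String msg) { super(msg); }
    }
    // Captures log records so the two logging styles can be compared.
    static class Capture extends Handler {
        final List<LogRecord> records = new ArrayList<>();
        @Override public void publish(LogRecord r) { records.add(r); }
        @Override public void flush() { }
        @Override public void close() { }
    }
    static final Logger LOG = Logger.getLogger("demo.security");

    static void authorize(Set<String> callerRoles, String role) throws AuthorizationException {
        if (!callerRoles.contains(role)) {
            throw new AuthorizationException("access denied: authorization failed");
        }
    }
    // Before: the Throwable is attached, so every "false" answer logs a stack trace.
    static boolean isCallerInRoleVerbose(Set<String> roles, String role) {
        try { authorize(roles, role); return true; }
        catch (AuthorizationException e) {
            LOG.log(Level.FINE, "isCallerInRole processing failed", e);
            return false;
        }
    }
    // After: same return value, a single log line, no Throwable attached.
    static boolean isCallerInRoleQuiet(Set<String> roles, String role) {
        try { authorize(roles, role); return true; }
        catch (AuthorizationException e) {
            LOG.fine("isCallerInRole(" + role + ") returned false: " + e.getMessage());
            return false;
        }
    }
    public static void main(String[] args) {
        Capture cap = new Capture();
        LOG.setUseParentHandlers(false);
        LOG.setLevel(Level.FINE);
        LOG.addHandler(cap);
        Set<String> roles = Set.of("user"); // constructed sample caller roles
        isCallerInRoleVerbose(roles, "admin");
        isCallerInRoleQuiet(roles, "admin");
        cap.records.forEach(r -> System.out.println(
            r.getMessage() + " | stack trace attached: " + (r.getThrown() != null)));
    }
}
```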