Uploaded image for project: 'PicketBox '
  1. PicketBox
  2. SECURITY-978

Remove DEBUG message in server logs while calling isCallerInRole(String roleName) method

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Major Major
    • None
    • None
    • None
    • None

      While explicitly checking the user roles in the ejb code using context.isCallerInRole(String roleName) and when it return false below exception message got printed at the DEBUG level in server.log file.

      2017-09-13 21:10:24,549 DEBUG [org.jboss.security] sessionhash="b34cb4c5c50e3eefbe4f924ee42fa658" requestid="33015X1505317224509" username="adm2.lg" src_ip="127.0.0.1" PBOX00326: isCallerInRole processing failed: org.jboss.security.authorization.AuthorizationException: PBOX00017: Acces denied: authorization failed 
    at org.jboss.security.plugins.authorization.JBossAuthorizationContext.invokeAuthorize(JBossAuthorizationContext.java:274)
    at org.jboss.security.plugins.authorization.JBossAuthorizationContext.access$000(JBossAuthorizationContext.java:71)
    at org.jboss.security.plugins.authorization.JBossAuthorizationContext$1.run(JBossAuthorizationContext.java:147)
    at java.security.AccessController.doPrivileged(Native Method)
    at org.jboss.security.plugins.authorization.JBossAuthorizationContext.authorize(JBossAuthorizationContext.java:143)
    at org.jboss.security.plugins.JBossAuthorizationManager.internalAuthorization(JBossAuthorizationManager.java:438)
    at org.jboss.security.plugins.JBossAuthorizationManager.authorize(JBossAuthorizationManager.java:115)
    at org.jboss.security.plugins.javaee.EJBAuthorizationHelper.isCallerInRole(EJBAuthorizationHelper.java:187)
    at org.jboss.as.security.service.SimpleSecurityManager.isCallerInRole(SimpleSecurityManager.java:229)
    at org.jboss.as.ejb3.component.EJBComponent.isCallerInRole(EJBComponent.java:400)
    at org.jboss.as.ejb3.context.EJBContextImpl.isCallerInRole(EJBContextImpl.java:115)

      The exception seems to be printed in DEBUG in the below line 

       https://github.com/picketbox/picketbox/blob/master/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/javaee/EJBAuthorizationHelper.java#L193

      This should not be logged as an exception message may be just a line in DEBUG logs should be enough.

              rhn-support-ivassile Ilia Vassilev
              rhn-support-ivassile Ilia Vassilev
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: