[jboss-jira] [JBoss JIRA] (WFLY-7462) Do not log common CLI failures for Elytron to server log

Brian Stansberry (JIRA) issues at jboss.org
Fri Nov 4 11:37:00 EDT 2016


    [ https://issues.jboss.org/browse/WFLY-7462?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13317648#comment-13317648 ] 

Brian Stansberry commented on WFLY-7462:
----------------------------------------

Probably I messed something up when I tried to reproduce. It worked fine for me. I used the embed-server; maybe I forgot to specify --admin-only=false. Sorry for wasting your time.

Re: the DuplicateServiceException, I do expect that one to appear in the log and there's nothing particular to elytron about that. Arguably it would be better if it didn't, but I don't want to just suppress those. We don't suppress exceptions in Stage.RUNTIME as those mean something has happened while trying to change the runtime, which may have had negative effects on the runtime. (A failure in Stage.MODEL just means the op fails, the op's copy of the model never gets published, and no one but the caller is affected.) Better than suppressing Stage.RUNTIME issues like DuplicateServiceException is to bit by bit make it harder for that to occur without it being detected before getting to the MSC level. See for example WFCORE-1106 for an approach to avoiding that in cases where it occurs because the user ignored a reload-required.

I think the DuplicateServiceException case is less serious than the others though. Getting that requires doing something fairly unusual.

[~dlofthouse] re the ldap-realm vs properties-realm name duplication leading to the DuplicateServiceException (see the last example in Ondrej's last post): isn't that a case of two resources adding the same capability? If so I'd expect that to fail in Stage.MODEL, before MSC gets involved.



> Do not log common CLI failures for Elytron to server log
> --------------------------------------------------------
>
>                 Key: WFLY-7462
>                 URL: https://issues.jboss.org/browse/WFLY-7462
>             Project: WildFly
>          Issue Type: Bug
>          Components: Security
>    Affects Versions: 11.0.0.Alpha1
>            Reporter: Ondrej Lukas
>            Assignee: Darran Lofthouse
>            Priority: Critical
>              Labels: user_experience
>
> Almost every common CLI command failure from the Elytron subsystem is logged as ERROR to the server log. For example this means:
> * trying to add duplicate service -> ERROR in server log
> * missing required attribute of any resource attribute in CLI command -> ERROR in server log
> * missing capability -> ERROR in server log
> * ...
> Some reasons why these logs should not be logged to server log:
> * Adding useless messages to server log.
> * This is inconsistent with other subsystems (e.g. PicketBox). It can be confusing.
> These common CLI command failures should be removed from the log, or logged at a low level (i.e. DEBUG).



--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
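
The Stage.MODEL versus Stage.RUNTIME distinction drawn in the comment above, as a toy model added here (not WildFly code and not from the thread). The `Controller` class, the `security-realm.r1` capability name, and the assumption that a removal leaves its service installed until reload are all constructed for illustration.

```python
class OperationFailed(Exception):
    """Failure returned to the CLI caller."""


class Controller:
    """Toy two-stage operation executor (hypothetical, not WildFly code)."""

    def __init__(self):
        self.model = {}        # published model: resource address -> capability
        self.services = set()  # stand-in for installed MSC services
        self.server_log = []   # stand-in for server.log entries

    def add(self, address, capability):
        # Stage.MODEL: validate against a private copy of the model.
        draft = dict(self.model)
        if address in draft or capability in draft.values():
            # Only the caller is affected, so nothing goes to the server log.
            raise OperationFailed(f"MODEL: {capability} already registered")
        draft[address] = capability
        # Stage.RUNTIME: change running services; failures here are logged.
        if capability in self.services:
            self.server_log.append(("ERROR", f"duplicate service {capability}"))
            raise OperationFailed(f"RUNTIME: duplicate service {capability}")
        self.services.add(capability)
        self.model = draft  # publish only after both stages succeed

    def remove(self, address):
        # Assumed reload-required removal: the model changes now, the
        # service stays installed until reload() is called.
        del self.model[address]

    def reload(self):
        self.services = set(self.model.values())


def demo():
    c = Controller()
    outcomes = []
    steps = [  # constructed sample operations
        ("add", "properties-realm=r1", "security-realm.r1"),
        ("add", "ldap-realm=r1", "security-realm.r1"),   # same capability
        ("remove", "properties-realm=r1", None),          # reload ignored
        ("add", "ldap-realm=r1", "security-realm.r1"),   # hits stale service
    ]
    for op, address, capability in steps:
        try:
            c.add(address, capability) if op == "add" else c.remove(address)
            outcomes.append("ok")
        except OperationFailed as exc:
            outcomes.append(str(exc).split(":")[0])
    return outcomes, c.server_log
```

In this model only the last operation writes to the server log: the duplicate capability is rejected against the draft model, while the stale service left by the ignored reload is not seen until the runtime stage.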

