[jboss-jira] [JBoss JIRA] (WFCORE-2434) Elytron, log cause of LoginException during obraining ticket

Darran Lofthouse (JIRA) issues at jboss.org
Sat May 20 05:26:00 EDT 2017 

    [ https://issues.jboss.org/browse/WFCORE-2434?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13409277#comment-13409277 ] 

Darran Lofthouse commented on WFCORE-2434:
------------------------------------------

I am taking this but just to ensure the log.trace calls use the correct form that will log the Throwable they have access to instead of calling toString() on them - if we have additional exceptions being dropped we can review them as we find them in a new issue.

> Elytron, log cause of LoginException during obraining ticket
> ------------------------------------------------------------
>
>                 Key: WFCORE-2434
>                 URL: https://issues.jboss.org/browse/WFCORE-2434
>             Project: WildFly Core
>          Issue Type: Bug
>          Components: Security
>            Reporter: Martin Choma
>            Assignee: Darran Lofthouse
>            Priority: Critical
>
> I get to situation where in method {{GSSCredentialSecurityFactory.createGSSCredential()}} the cause of LoginException is hide from user. 
> In log there is 
> {code:title=server.log}
> 14:26:07,751 TRACE [org.wildfly.security] (default task-1) java.security.GeneralSecurityException: ELY01121: Unable to perform initial JAAS login.
> {code}
> But with debugger I get to obvious cause {{javax.security.auth.login.LoginException: Bad JAAS configuration: credsType and keytab values are not compatible}}, but this is not logged into log.
> Setting to high priority, because logging useful information is esential for troubleshooting fragile Kerberos setup.
> Mesage
> {code:java|title=ElytronMessages}
>     @Message(id = 1121, value = "Unable to perform initial JAAS login.")
>     GeneralSecurityException unableToPerformInitialLogin(@Cause LoginException cause);
> {code}
> is created in
> {code:java|title=GSSCredentialSecurityFactory.java#L283}
> 	    } catch (LoginException e) {
>                 throw log.unableToPerformInitialLogin(e);
>             }
> {code}
> and logged into log by 
> {code:java|title=ServerAuthenticationContext.java#L847}
>                         } catch (GeneralSecurityException e) {
>                             // skip this credential
>                             log.trace(e);
>                         }
> {code}
> An more importantly. Question here is if some global issue should follow up? Because problem is in usage of log.trace(e) where although cause exception is avalaible, effectivelly is called log.trace(e.toString()) and cause is hidden; So probably some global check should be performed in elytron codebase if other such occurences aren't also problematic.



--
This message was sent by Atlassian JIRA
(v7.2.3#72005)

More information about the jboss-jira mailing list