4 Replies. Latest reply: Jun 3, 2012 7:23 AM by Iva Žáková

    How to stop logging Login failure javax.security.auth.login.FailedLoginException

    David Norris Newbie

      I'm using JAAS in JBoss 7 with users and roles. It works.

      However, when a login fails I get this long error because it failed.

      If I pass an unmatched username and/or password the login failure is not an error!

      There are two expected results from a login attempt: pass or fail. Neither of which should be considered an error.

      At most it should be logged as Information only and I should be able to turn it off.

       

      How can I stop logging this error?

      ERROR [org.jboss.security.authentication.JBossCachedAuthenticationManager]  Login failure: javax.security.auth.login.FailedLoginException: Password Incorrect/Password Required

       

      I tried setting all \standalone\configuration\logging.properties log levels to SEVERE.

      Also set console and file handlers to SEVERE in \standalone\configuration\standalone.xml

       

      This produced zero log entries until I tested the known-to-fail login. Then the same error. I cannot get rid of it!

      Oh and it shows this too.

      Caused by: java.lang.SecurityException

          at javax.security.auth.login.LoginContext.invoke(LoginContext.java:857) [rt.jar:1.6.0_29]

        • 1. Re: How to stop logging Login failure javax.security.auth.login.FailedLoginException
          David Norris Newbie

          SOLVED: Added  <module-option name="unauthenticatedIdentity" value="guest"/>

          • 2. Re: How to stop logging Login failure javax.security.auth.login.FailedLoginException
            Wilson fu Newbie

            Thanks for the solution.  I have also tried this method but still failed to get rid of the ERROR message when the ID/password is not matched.

            Besides updating standalone.xml, what else should we update? Would you show me the complete configuration for LDAP?

             

            Your help is very much appreciated!

             

            ----

            Here is my configuration:

            <security-domain name="LDAPRealm">
              <authentication>
                <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
                  <module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>
                  <module-option name="java.naming.provider.url" value="ldaps://10.106.182.193:10636"/>
                  <module-option name="java.naming.security.authentication" value="simple"/>
                  <module-option name="bindDN" value="cn=Manager,dc=com,dc=hk"/>
                  <module-option name="bindCredential" value="secret"/>
                  <module-option name="baseCtxDN" value="ou=people,dc=com,dc=hk"/>
                  <module-option name="baseFilter" value="(uid={0})"/>
                  <module-option name="roleFilter" value="(uniqueMember={1})"/>
                  <module-option name="roleNameAttributeID" value="cn"/>
                  <module-option name="allowEmptyPasswords" value="false"/>
                  <module-option name="Context.REFERRAL" value="follow"/>
                  <module-option name="throwValidateError" value="true"/>
                  <module-option name="allowEmptyPasswords" value="true"/>
                  <module-option name="principalDNPrefix" value="uid="/>
                  <module-option name="principalDNSuffix" value="ou=people,dc=com,dc=hk"/>
                  <module-option name="rolesCtxDN" value="ou=roles,dc=com,dc=hk"/>
                  <module-option name="uidAttributeID" value="uniqueMember"/>
                  <module-option name="matchOnUserDN" value="true"/>
                  <module-option name="roleAttributeID" value="cn"/>
                  <module-option name="roleAttributeIsDN" value="false"/>
                  <module-option name="roleRecursion" value="0"/>
                  <module-option name="unauthenticatedIdentity" value="guest"/>
                </login-module>
              </authentication>
            </security-domain>
            </security-domains>

            • 3. Re: How to stop logging Login failure javax.security.auth.login.FailedLoginException
              David Norris Newbie

              I don't use LDAP. I use Waffle NTLM as all our PCs and servers run Windows. However, I'm sure it's irrelevant because we just need a way to get the user name and (possibly) password.

               

              I found I also have <module-option name="allowEmptyPasswords" value="false"/>

              When I set it to true I got the errors again.

               

              In my case a user will not have or need a password. So, I just give JBoss some string so it will stop complaining.
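
Added example, not part of the thread or of JBoss: a small audit of a `security-domain` fragment like the one in reply 2, reporting module options that are set more than once and the two options discussed in replies 1 and 3 that change what counts as a successful login. The function name `audit_security_domain` and the sample XML are constructed here, and the fragment is assumed to carry no XML namespace, as pasted in the thread.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample: a trimmed security domain shaped like the one in reply 2.
SAMPLE = """
<security-domain name="LDAPRealm">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
      <module-option name="baseFilter" value="(uid={0})"/>
      <module-option name="allowEmptyPasswords" value="false"/>
      <module-option name="throwValidateError" value="true"/>
      <module-option name="allowEmptyPasswords" value="true"/>
      <module-option name="unauthenticatedIdentity" value="guest"/>
    </login-module>
  </authentication>
</security-domain>
"""

def audit_security_domain(xml_text):
    """Return a sorted list of (login-module code, finding) tuples."""
    findings = []
    for module in ET.fromstring(xml_text).iter("login-module"):
        code = module.get("code", "?")
        values = defaultdict(list)
        for opt in module.findall("module-option"):
            values[opt.get("name")].append(opt.get("value", ""))
        for name, vals in list(values.items()):
            if len(vals) > 1:
                kind = "conflicting" if len(set(vals)) > 1 else "repeated"
                findings.append((code, f"{kind} option {name}: {vals}"))
        # Any 'true' occurrence is flagged: the thread does not say which duplicate wins.
        empty_ok = "true" in [v.lower() for v in values["allowEmptyPasswords"]]
        if "ldap" in code.lower() and empty_ok:
            findings.append((code, "allowEmptyPasswords=true: an empty password may reach the LDAP server as an anonymous bind"))
        if values["unauthenticatedIdentity"]:
            findings.append((code, f"unauthenticatedIdentity={values['unauthenticatedIdentity'][-1]}: requests with no authentication information are assigned this identity"))
    return sorted(findings)

if __name__ == "__main__":
    for code, finding in audit_security_domain(SAMPLE):
        print(f"{code}: {finding}")
```
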

               

              • 4. Re: How to stop logging Login failure javax.security.auth.login.FailedLoginException
                Iva Žáková Newbie

                Hello, I have exactly the same problem. Unfortunately, the solution posted here doesn't work for me. I don't really know what else to do.