5 Replies Latest reply on Feb 7, 2013 7:54 AM by jacktrades

    FailedLoginException stack trace appears in log despite catching throwable when user enters incorrect password?  How to prevent this?

    pgarner

      I'm wondering why when I put request.login() inside a try-catch block a stack trace appears in the log.

       


      try

      {   //  Throws ServletException if incorrect password.

      request.login(user.getEmail(), password);

      }

      catch(Throwable throwable)

      {

      logger.warn("User ''{0}'' attempt to login failed due to: " + throwable.getMessage());

      }

       

      Here's the log entry that is generated when request.login fails due to incorrect password:

       

      13:22:20,915 ERROR [org.jboss.security.authentication.JBossCachedAuthenticationManager] (http--127.0.0.1-8443-7) Login failure: javax.security.auth.login.FailedLoginException: Password Incorrect/Password Required

          at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:270) [picketbox-4.0.7.Final.jar:4.0.7.Final]

          at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_03]

          at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_03]

          at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_03]

          at java.lang.reflect.Method.invoke(Method.java:601) [rt.jar:1.7.0_03]

          at javax.security.auth.login.LoginContext.invoke(LoginContext.java:784) [rt.jar:1.7.0_03]

          at javax.security.auth.login.LoginContext.access$000(LoginContext.java:203) [rt.jar:1.7.0_03]

          at javax.security.auth.login.LoginContext$4.run(LoginContext.java:698) [rt.jar:1.7.0_03]

          at javax.security.auth.login.LoginContext$4.run(LoginContext.java:696) [rt.jar:1.7.0_03]

          at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.7.0_03]

          at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:695) [rt.jar:1.7.0_03]

          at javax.security.auth.login.LoginContext.login(LoginContext.java:594) [rt.jar:1.7.0_03]

          at org.jboss.security.authentication.JBossCachedAuthenticationManager.defaultLogin(JBossCachedAuthenticationManager.java:449) [picketbox-infinispan-4.0.7.Final.jar:4.0.7.Final]

          at org.jboss.security.authentication.JBossCachedAuthenticationManager.proceedWithJaasLogin(JBossCachedAuthenticationManager.java:383) [picketbox-infinispan-4.0.7.Final.jar:4.0.7.Final]

          at org.jboss.security.authentication.JBossCachedAuthenticationManager.authenticate(JBossCachedAuthenticationManager.java:371) [picketbox-infinispan-4.0.7.Final.jar:4.0.7.Final]

          at org.jboss.security.authentication.JBossCachedAuthenticationManager.isValid(JBossCachedAuthenticationManager.java:160) [picketbox-infinispan-4.0.7.Final.jar:4.0.7.Final]

          at org.jboss.as.web.security.JBossWebRealm.authenticate(JBossWebRealm.java:214) [jboss-as-web-7.1.1.Final.jar:7.1.1.Final]

          at org.apache.catalina.authenticator.AuthenticatorBase.login(AuthenticatorBase.java:324) [jbossweb-7.0.13.Final.jar:]

          at org.apache.catalina.connector.Request.login(Request.java:3252) [jbossweb-7.0.13.Final.jar:]

          at org.apache.catalina.connector.RequestFacade.login(RequestFacade.java:1082) [jbossweb-7.0.13.Final.jar:]

          at com.patrac.controller.authenticate.LoginChecker.servletRequestLogin(LoginChecker.java:195) [classes:]

       

      .......

       

      13:22:20,987 WARNING [com.patrac.controller.authenticate.LoginController] (http--127.0.0.1-8443-7) User 'patrick.garner@patrac.com' attempt to login failed due to: Failed to authenticate a principal

       

      The exception is being caught and logged.  How to prevent the stack trace from appearing in the log???