ARTEMIS-899 don't log stack trace on authn failure

2017-01-06 15:32:52 -06:00 · 2017-01-06 15:32:52 -06:00 · f1d67df5e6
parent 2eb51985bc
commit f1d67df5e6
5 changed files with 16 additions and 13 deletions
--- a/artemis-server/src/main/java/org/apache/activemq/artemis/core/protocol/core/impl/ActiveMQPacketHandler.java
+++ b/artemis-server/src/main/java/org/apache/activemq/artemis/core/protocol/core/impl/ActiveMQPacketHandler.java
@ -22,6 +22,7 @@ import java.util.Map;
 import org.apache.activemq.artemis.api.core.ActiveMQException;
 import org.apache.activemq.artemis.api.core.ActiveMQExceptionType;
 import org.apache.activemq.artemis.api.core.ActiveMQInternalErrorException;
+import org.apache.activemq.artemis.api.core.ActiveMQSecurityException;
 import org.apache.activemq.artemis.api.core.SimpleString;
 import org.apache.activemq.artemis.core.persistence.OperationContext;
 import org.apache.activemq.artemis.core.protocol.core.Channel;
@ -174,6 +175,9 @@ public class ActiveMQPacketHandler implements ChannelHandler {
         protocolManager.addSessionHandler(request.getName(), handler);

         response = new CreateSessionResponseMessage(server.getVersion().getIncrementingVersion());
+      } catch (ActiveMQSecurityException e) {
+         ActiveMQServerLogger.LOGGER.securityProblemWhileCreatingSession(e.getMessage());
+         response = new ActiveMQExceptionMessage(e);
      } catch (ActiveMQException e) {
         if (e.getType() == ActiveMQExceptionType.INCOMPATIBLE_CLIENT_SERVER_VERSIONS) {
            incompatibleVersion = true;
--- a/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/ActiveMQServerLogger.java
+++ b/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/ActiveMQServerLogger.java
@ -1283,6 +1283,10 @@ public interface ActiveMQServerLogger extends BasicLogger {
      format = Message.Format.MESSAGE_FORMAT)
   void negativeGlobalAddressSize(long size);

+   @LogMessage(level = Logger.Level.WARN)
+   @Message(id = 222216, value = "Security problem while creating session: {0}", format = Message.Format.MESSAGE_FORMAT)
+   void securityProblemWhileCreatingSession(String message);
+

   @LogMessage(level = Logger.Level.ERROR)
   @Message(id = 224000, value = "Failure in initialisation", format = Message.Format.MESSAGE_FORMAT)
--- a/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/CertificateLoginModule.java
+++ b/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/CertificateLoginModule.java
@ -75,7 +75,7 @@ public abstract class CertificateLoginModule extends PropertiesLoader implements
      } catch (IOException ioe) {
         throw new LoginException(ioe.getMessage());
      } catch (UnsupportedCallbackException uce) {
-         throw new LoginException(uce.getMessage() + " Unable to obtain client certificates.");
+         throw new LoginException("Unable to obtain client certificates: " + uce.getMessage());
      }
      certificates = ((CertificateCallback) callbacks[0]).getCertificates();

--- a/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/LDAPLoginModule.java
+++ b/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/LDAPLoginModule.java
@ -209,7 +209,6 @@ public class LDAPLoginModule implements LoginModule {
         NamingEnumeration<SearchResult> results = context.search(getLDAPPropertyValue(USER_BASE), filter, constraints);

         if (results == null || !results.hasMore()) {
-            ActiveMQServerLogger.LOGGER.warn("User " + username + " not found in LDAP.");
            throw new FailedLoginException("User " + username + " not found in LDAP.");
         }

--- a/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/PropertiesLoginModule.java
+++ b/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/PropertiesLoginModule.java
@ -86,29 +86,25 @@ public class PropertiesLoginModule extends PropertiesLoader implements LoginModu
         tmpPassword = new char[0];
      }
      if (user == null) {
-         throw new FailedLoginException("user name is null");
+         throw new FailedLoginException("User is null");
      }
      String password = users.getProperty(user);

      if (password == null) {
-         throw new FailedLoginException("User does exist");
+         throw new FailedLoginException("User does not exist: " + user);
      }

-      //password is hashed
      try {
         hashProcessor = PasswordMaskingUtil.getHashProcessor(password);
-
-         if (!hashProcessor.compare(tmpPassword, password)) {
-            throw new FailedLoginException("Password does not match");
-         }
-         loginSucceeded = true;
      } catch (Exception e) {
-         if (debug) {
-            logger.debug("Exception getting a hash processor", e);
-         }
         throw new FailedLoginException("Failed to get hash processor");
      }

+      if (!hashProcessor.compare(tmpPassword, password)) {
+         throw new FailedLoginException("Password does not match for user: " + user);
+      }
+      loginSucceeded = true;
+
      if (debug) {
         logger.debug("login " + user);
      }