From c63d4e306bdec85b27b40b451dfd1f6c1c4884b6 Mon Sep 17 00:00:00 2001 From: Tim Vernum Date: Fri, 16 Jun 2017 10:46:07 +1000 Subject: [PATCH] Reduce logging for reserved realm authc failures (elastic/x-pack-elasticsearch#1711) We recently added logging for critical authentication failures as they had previously been silent (with respect to logs) but would cause authentication processing to stop. However, the reserved realm intentionally uses exceptions to stop any other realm authenticating a reserved user if the password is entered incorrectly. Since this is the most common use of exceptions in the authc chain, we reduce the logging verbosity in normal cases (drop the stack trace, remove "unexpected") and only log the full details in debug. Original commit: elastic/x-pack-elasticsearch@686a98010bbc11cac515917817fe12834e9fa716 --- .../xpack/security/authc/AuthenticationService.java | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/plugin/src/main/java/org/elasticsearch/xpack/security/authc/AuthenticationService.java b/plugin/src/main/java/org/elasticsearch/xpack/security/authc/AuthenticationService.java index e6ebee98268..20f97765124 100644 --- a/plugin/src/main/java/org/elasticsearch/xpack/security/authc/AuthenticationService.java +++ b/plugin/src/main/java/org/elasticsearch/xpack/security/authc/AuthenticationService.java @@ -274,9 +274,10 @@ public class AuthenticationService extends AbstractComponent { } userListener.onResponse(user); }, (ex) -> { - logger.warn(new ParameterizedMessage( - "An unexpected error occurred while attempting to authenticate [{}] against realm [{}]", - authenticationToken.principal(), realm.name()), ex); + logger.warn( + "An error occurred while attempting to authenticate [{}] against realm [{}] - {}", + authenticationToken.principal(), realm.name(), ex); + logger.debug("Authentication failed due to exception", ex); userListener.onFailure(ex); })); } else {