Reduce logging for reserved realm authc failures (elastic/x-pack-elasticsearch#1711)
We recently added logging for critical authentication failures as they had previously been silent (with respect to logs) but would cause authentication processing to stop. However, the reserved realm intentionally uses exceptions to stop any other realm authenticating a reserved user if the password is entered incorrectly. Since this is the most common use of exceptions in the authc chain, we reduce the logging verbosity in normal cases (drop the stack trace, remove "unexpected") and only log the full details in debug. Original commit: elastic/x-pack-elasticsearch@686a98010b
This commit is contained in:
parent
8cc4f29f33
commit
c63d4e306b
|
@ -274,9 +274,10 @@ public class AuthenticationService extends AbstractComponent {
|
||||||
}
|
}
|
||||||
userListener.onResponse(user);
|
userListener.onResponse(user);
|
||||||
}, (ex) -> {
|
}, (ex) -> {
|
||||||
logger.warn(new ParameterizedMessage(
|
logger.warn(
|
||||||
"An unexpected error occurred while attempting to authenticate [{}] against realm [{}]",
|
"An error occurred while attempting to authenticate [{}] against realm [{}] - {}",
|
||||||
authenticationToken.principal(), realm.name()), ex);
|
authenticationToken.principal(), realm.name(), ex);
|
||||||
|
logger.debug("Authentication failed due to exception", ex);
|
||||||
userListener.onFailure(ex);
|
userListener.onFailure(ex);
|
||||||
}));
|
}));
|
||||||
} else {
|
} else {
|
||||||
|
|
Loading…
Reference in New Issue