Reduce logging for reserved realm authc failures (elastic/x-pack-elasticsearch#1711)

We recently added logging for critical authentication failures as they had previously been silent (with respect to logs) but would cause authentication processing to stop. However, the reserved realm intentionally uses exceptions to stop any other realm authenticating a reserved user if the password is entered incorrectly. Since this is the most common use of exceptions in the authc chain, we reduce the logging verbosity in normal cases (drop the stack trace, remove "unexpected") and only log the full details in debug. Original commit: elastic/x-pack-elasticsearch@686a98010b
2017-06-16 10:46:07 +10:00 · 2017-06-16 10:46:07 +10:00 · c63d4e306b
parent 8cc4f29f33
commit c63d4e306b
1 changed files with 4 additions and 3 deletions
--- a/plugin/src/main/java/org/elasticsearch/xpack/security/authc/AuthenticationService.java
+++ b/plugin/src/main/java/org/elasticsearch/xpack/security/authc/AuthenticationService.java
@ -274,9 +274,10 @@ public class AuthenticationService extends AbstractComponent {
                            }
                            userListener.onResponse(user);
                        }, (ex) -> {
-                            logger.warn(new ParameterizedMessage(
-                                    "An unexpected error occurred while attempting to authenticate [{}] against realm [{}]",
-                                    authenticationToken.principal(), realm.name()), ex);
+                            logger.warn(
+                                    "An error occurred while attempting to authenticate [{}] against realm [{}] - {}",
+                                    authenticationToken.principal(), realm.name(), ex);
+                            logger.debug("Authentication failed due to exception", ex);
                            userListener.onFailure(ex);
                        }));
                    } else {