From d17c0f6d8311fa8afd5e5ace0646ec0f499cd290 Mon Sep 17 00:00:00 2001
From: c-a-m
Date: Mon, 8 Dec 2014 17:59:37 -0700
Subject: [PATCH] Bugfix: Any LDAP or AD exceptions are not getting logged. The AD and LDAP realms now catch and log Throwable. This changes LDAPException and ActiveDirectoryExceptions to be ShieldExceptions instead of SecurityExceptions
Fixes https://github.com/elasticsearch/elasticsearch-shield/issues/452
Original commit: elastic/x-pack-elasticsearch@aff428e5c1d061118ceac036e95fb5b54a33fed0
---
 .../authc/active_directory/ActiveDirectoryException.java | 4 +++-
 .../org/elasticsearch/shield/authc/ldap/LdapException.java | 4 +++-
 .../shield/authc/support/ldap/AbstractLdapRealm.java | 3 +--
 3 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/src/main/java/org/elasticsearch/shield/authc/active_directory/ActiveDirectoryException.java b/src/main/java/org/elasticsearch/shield/authc/active_directory/ActiveDirectoryException.java
index cb88fd6476b..b594b628734 100644
--- a/src/main/java/org/elasticsearch/shield/authc/active_directory/ActiveDirectoryException.java
+++ b/src/main/java/org/elasticsearch/shield/authc/active_directory/ActiveDirectoryException.java
@@ -5,11 +5,13 @@
 */
 package org.elasticsearch.shield.authc.active_directory;
 
+import org.elasticsearch.shield.ShieldException;
+
 /**
 * ActiveDirectoryExceptions typically wrap jndi Naming exceptions, and have an additional
 * parameter of DN attached to each message.
 */
-public class ActiveDirectoryException extends SecurityException {
+public class ActiveDirectoryException extends ShieldException {
 
 public ActiveDirectoryException(String msg){
 super(msg);
diff --git a/src/main/java/org/elasticsearch/shield/authc/ldap/LdapException.java b/src/main/java/org/elasticsearch/shield/authc/ldap/LdapException.java
index 7eeedbc65dd..5a60fb08afc 100644
--- a/src/main/java/org/elasticsearch/shield/authc/ldap/LdapException.java
+++ b/src/main/java/org/elasticsearch/shield/authc/ldap/LdapException.java
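Review bot: In ActiveDirectoryException.java the new `extends ShieldException` moves this type out of the `java.lang.SecurityException` hierarchy, and the LdapException.java hunk does the same, so any handler that catches `SecurityException` around the directory session code will no longer match these failures. Those call sites are not visible in this patch; it is worth searching the authc packages and their tests for `catch (SecurityException` before merging. The class Javadoc should also record the new parent, for example `* Extends ShieldException so that Shield-level exception handlers also see directory failures.` The class body continues past the end of the hunk.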
@@ -5,11 +5,13 @@
 */
 package org.elasticsearch.shield.authc.ldap;
 
+import org.elasticsearch.shield.ShieldException;
+
 /**
 * LdapExceptions typically wrap jndi Naming exceptions, and have an additional
 * parameter of DN attached to each message.
 */
-public class LdapException extends SecurityException {
+public class LdapException extends ShieldException {
 
 public LdapException(String msg){
 super(msg);
diff --git a/src/main/java/org/elasticsearch/shield/authc/support/ldap/AbstractLdapRealm.java b/src/main/java/org/elasticsearch/shield/authc/support/ldap/AbstractLdapRealm.java
index 387fe2a69a4..4d87e3b4b3e 100644
--- a/src/main/java/org/elasticsearch/shield/authc/support/ldap/AbstractLdapRealm.java
+++ b/src/main/java/org/elasticsearch/shield/authc/support/ldap/AbstractLdapRealm.java
@@ -7,7 +7,6 @@ package org.elasticsearch.shield.authc.support.ldap;
 
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.rest.RestController;
-import org.elasticsearch.shield.ShieldException;
 import org.elasticsearch.shield.User;
 import org.elasticsearch.shield.authc.support.CachingUsernamePasswordRealm;
 import org.elasticsearch.shield.authc.support.RefreshListener;
@@ -44,7 +43,7 @@ public abstract class AbstractLdapRealm extends CachingUsernamePasswordRealm {
 List groupDNs = session.groups();
 Set roles = roleMapper.mapRoles(groupDNs);
 return new User.Simple(token.principal(), roles.toArray(new String[roles.size()]));
- } catch (ShieldException e) {
+ } catch (Throwable e) {
 if (logger.isDebugEnabled()) {
 logger.debug("Authentication Failed for user [{}]", e, token.principal());
 }
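Review bot: `catch (Throwable e)` in AbstractLdapRealm also traps `Error` subclasses such as `OutOfMemoryError` and `StackOverflowError`, and the handler still logs only when debug is enabled, so at default log levels a directory outage or misconfiguration remains indistinguishable from a bad password. With LdapException and ActiveDirectoryException now extending ShieldException, the old clause would already have matched them; if the intent is to also cover unexpected runtime failures, `} catch (Exception e) {` is wide enough. Consider keeping the debug line for expected ShieldException failures and logging anything else at a higher level, e.g. `logger.warn("Authentication failed for user [{}] due to unexpected error", e, token.principal());`. The method body starts before and continues after this hunk, so what is returned after the log call is not visible here.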