4 Replies Latest reply: Jun 3, 2012 7:23 AM by Iva Žáková

How to stop logging Login failure javax.security.auth.login.FailedLoginException

David Norris Newbie

I'm using JAAS in JBoss 7 with users and roles. It works.

However, when a login fails I get this long error because it failed.

If I pass an unmatched username and/or password the login failure is not an error!

There are two expected results from a login attempt: pass or fail. Neither of which should be considered an error.

At most it should be logged as Information only and I should be able to turn it off.

 

How can I stop logging this error?

ERROR [org.jboss.security.authentication.JBossCachedAuthenticationManager]  Login failure: javax.security.auth.login.FailedLoginException: Password Incorrect/Password Required

 

I tried setting all \standalone\configuration\logging.properties log levels to SEVERE.

Also set console and file handlers to SEVERE in \standalone\configuration\standalone.xml

 

This produced zero log entries until I tested the known-to-fail login. Then the same error. I cannot get rid of it!

Oh and it shows this too.

Caused by: java.lang.SecurityException

    at javax.security.auth.login.LoginContext.invoke(LoginContext.java:857) [rt.jar:1.6.0_29]

  • 1. Re: How to stop logging Login failure javax.security.auth.login.FailedLoginException
    David Norris Newbie

    SOLVED: Added  <module-option name="unauthenticatedIdentity" value="guest"/>

  • 2. Re: How to stop logging Login failure javax.security.auth.login.FailedLoginException
    Wilson fu Newbie

    Thanks for the solution.  I have also tried this method but still failed to get rid of the ERROR message when the ID/password is not matched.

    Besides updating the standalone.xml, what else should we update? Would you show me the complete set of the configuration for LDAP?

     

    Your help is very much appreciated!

     

    ----

    Here is my configuration:

    <security-domain name="LDAPRealm">
        <authentication>
            <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
                <module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>
                <module-option name="java.naming.provider.url" value="ldaps://10.106.182.193:10636"/>
                <module-option name="java.naming.security.authentication" value="simple"/>
                <module-option name="bindDN" value="cn=Manager,dc=com,dc=hk"/>
                <module-option name="bindCredential" value="secret"/>
                <module-option name="baseCtxDN" value="ou=people,dc=com,dc=hk"/>
                <module-option name="baseFilter" value="(uid={0})"/>
                <module-option name="roleFilter" value="(uniqueMember={1})"/>
                <module-option name="roleNameAttributeID" value="cn"/>
                <module-option name="allowEmptyPasswords" value="false"/>
                <module-option name="Context.REFERRAL" value="follow"/>
                <module-option name="throwValidateError" value="true"/>
                <module-option name="allowEmptyPasswords" value="true"/>
                <module-option name="principalDNPrefix" value="uid="/>
                <module-option name="principalDNSuffix" value="ou=people,dc=com,dc=hk"/>
                <module-option name="rolesCtxDN" value="ou=roles,dc=com,dc=hk"/>
                <module-option name="uidAttributeID" value="uniqueMember"/>
                <module-option name="matchOnUserDN" value="true"/>
                <module-option name="roleAttributeID" value="cn"/>
                <module-option name="roleAttributeIsDN" value="false"/>
                <module-option name="roleRecursion" value="0"/>
                <module-option name="unauthenticatedIdentity" value="guest"/>
            </login-module>
        </authentication>
    </security-domain>
    </security-domains>

  • 3. Re: How to stop logging Login failure javax.security.auth.login.FailedLoginException
    David Norris Newbie

    I don't use LDAP. I use waffle NTLM as all our PCs and servers run Windows. However, I'm sure it's irrelevant because we just need a way to get the user name and (possibly) password.

     

    I found I also have <module-option name="allowEmptyPasswords" value="false"/>

    When I set it to true I got the errors again.

     

    In my case a user will not have or need a password. So, I just give JBoss some string so it will stop complaining.

     

  • 4. Re: How to stop logging Login failure javax.security.auth.login.FailedLoginException
    Iva Žáková Newbie

    Hello, I have exactly the same problem; unfortunately, the solution posted here doesn't work for me. I don't really know what else to do.
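
An added example, not part of the original thread and not configuration from the JBoss project: one way to keep the failed-login event from the question out of the console and server log without discarding it is to give its logger category a dedicated handler. The handler name `AUTH_FAILURES` and the file name `auth-failures.log` are assumptions; ERROR and SEVERE are the same severity in JBoss LogManager, which is why a handler threshold of SEVERE still lets the line through.

```xml
<!-- Added example. Place these two elements inside the existing logging
     <subsystem> element of standalone/configuration/standalone.xml.
     Assumed names: handler "AUTH_FAILURES", file "auth-failures.log". -->

<!-- Dedicated, daily-rotated file that receives only authentication failures. -->
<periodic-rotating-file-handler name="AUTH_FAILURES">
    <formatter>
        <pattern-formatter pattern="%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c] (%t) %s%n"/>
    </formatter>
    <file relative-to="jboss.server.log.dir" path="auth-failures.log"/>
    <suffix value=".yyyy-MM-dd"/>
    <append value="true"/>
</periodic-rotating-file-handler>

<!-- Category taken from the ERROR line in the question.
     use-parent-handlers="false" stops the event from also reaching the
     root logger's handlers (console and server.log), so it appears only
     in the dedicated file. The pattern omits the stack trace (%E). -->
<logger category="org.jboss.security.authentication.JBossCachedAuthenticationManager"
        use-parent-handlers="false">
    <level name="ERROR"/>
    <handlers>
        <handler name="AUTH_FAILURES"/>
    </handlers>
</logger>
```

Setting `<level name="FATAL"/>` on this logger instead would drop the event entirely, at the cost of losing the failed-login record that brute-force detection relies on.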