5 Replies Latest reply on Nov 27, 2015 9:52 AM by icemaker

    How to stop logging Login failure javax.security.auth.login.FailedLoginException

    dnorris

      I'm using JAAS in JBoss 7 with users and roles. It works.

      However, when a login fails I get this long error because it failed.

      If I pass an unmatched username and/or password the login failure is not an error!

      There are two expected results from a login attempt: pass or fail. Neither of which should be considered an error.

      At most it should be logged as Information only and I should be able to turn it off.

       

      How can I stop logging this error?

      ERROR [org.jboss.security.authentication.JBossCachedAuthenticationManager]  Login failure: javax.security.auth.login.FailedLoginException: Password Incorrect/Password Required

       

      I tried setting all \standalone\configuration\logging.properties log levels to SEVERE.

      Also set console and file handlers to SEVERE in \standalone\configuration\standalone.xml

       

      This produced zero log entries until I tested the known-to-fail login. Then the same error. I cannot get rid of it!

      Oh and it shows this too.

      Caused by: java.lang.SecurityException

          at javax.security.auth.login.LoginContext.invoke(LoginContext.java:857) [rt.jar:1.6.0_29]

        • 1. Re: How to stop logging Login failure javax.security.auth.login.FailedLoginException
          dnorris

          SOLVED: Added  <module-option name="unauthenticatedIdentity" value="guest"/>

          • 2. Re: How to stop logging Login failure javax.security.auth.login.FailedLoginException
            wilsonfu

            Thanks for the solution.  I have also tried this method but still failed to get rid of the ERROR message when the ID/password is not matched.

            Besides updating standalone.xml, what else should we update? Would you show me the complete set of the configuration for LDAP?

             

            Your help is very much appreciated!

             

            ----

            Here is my configuration:

            <security-domain name="LDAPRealm">
                <authentication>
                    <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
                        <module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>
                        <module-option name="java.naming.provider.url" value="ldaps://10.106.182.193:10636"/>
                        <module-option name="java.naming.security.authentication" value="simple"/>
                        <module-option name="bindDN" value="cn=Manager,dc=com,dc=hk"/>
                        <module-option name="bindCredential" value="secret"/>
                        <module-option name="baseCtxDN" value="ou=people,dc=com,dc=hk"/>
                        <module-option name="baseFilter" value="(uid={0})"/>
                        <module-option name="roleFilter" value="(uniqueMember={1})"/>
                        <module-option name="roleNameAttributeID" value="cn"/>
                        <module-option name="allowEmptyPasswords" value="false"/>
                        <module-option name="Context.REFERRAL" value="follow"/>
                        <module-option name="throwValidateError" value="true"/>
                        <module-option name="allowEmptyPasswords" value="true"/>
                        <module-option name="principalDNPrefix" value="uid="/>
                        <module-option name="principalDNSuffix" value="ou=people,dc=com,dc=hk"/>
                        <module-option name="rolesCtxDN" value="ou=roles,dc=com,dc=hk"/>
                        <module-option name="uidAttributeID" value="uniqueMember"/>
                        <module-option name="matchOnUserDN" value="true"/>
                        <module-option name="roleAttributeID" value="cn"/>
                        <module-option name="roleAttributeIsDN" value="false"/>
                        <module-option name="roleRecursion" value="0"/>
                        <module-option name="unauthenticatedIdentity" value="guest"/>
                    </login-module>
                </authentication>
            </security-domain>
            </security-domains>

            • 3. Re: How to stop logging Login failure javax.security.auth.login.FailedLoginException
              dnorris

              I don't use LDAP. I use waffle NTLM as all our PCs and servers run Windows. However, I'm sure it's irrelevant because we just need a way to get the user name and (possibly) password.

               

              I found I also have <module-option name="allowEmptyPasswords" value="false"/>

              When I set it to true I got the errors again.

               

              In my case a user will not have or need a password. So, I just give JBoss some string so it will stop complaining.

               

              • 4. Re: How to stop logging Login failure javax.security.auth.login.FailedLoginException
                ixi

                Hello, I have exactly the same problem, unfortunately the solution posted here doesn't work for me. I don't really know what else to do.

                • 5. Re: How to stop logging Login failure javax.security.auth.login.FailedLoginException
                  icemaker

                  Also tried the solution. It does not work.
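
An added example, not part of the thread and not taken from the JBoss documentation: a logging-subsystem fragment for standalone.xml that takes the category named in the ERROR line out of the console and server.log and writes it, without the stack trace, to its own file. SEVERE is the java.util.logging name for the level JBoss calls ERROR, so the SEVERE thresholds tried in the question still pass this record. The handler name AUTH_FAILURES and the file name auth-failures.log are assumptions.

```xml
<!-- Added example: these elements go inside the existing logging <subsystem>
     in standalone.xml, the handler beside the existing handlers and the
     logger beside the existing loggers. Handler and file names are assumed. -->

<!-- Dedicated file for authentication failures. The pattern ends in %s%n
     rather than %s%E%n, so the exception stack trace is not written. -->
<periodic-rotating-file-handler name="AUTH_FAILURES">
    <formatter>
        <pattern-formatter pattern="%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c] %s%n"/>
    </formatter>
    <file relative-to="jboss.server.log.dir" path="auth-failures.log"/>
    <suffix value=".yyyy-MM-dd"/>
    <append value="true"/>
</periodic-rotating-file-handler>

<!-- The category from the ERROR line in the question. With
     use-parent-handlers="false" its records go only to AUTH_FAILURES and
     no longer reach the root logger's console and file handlers. -->
<logger category="org.jboss.security.authentication.JBossCachedAuthenticationManager"
        use-parent-handlers="false">
    <level name="ERROR"/>
    <handlers>
        <handler name="AUTH_FAILURES"/>
    </handlers>
</logger>

<!-- To discard the records instead of rerouting them, give the same category
     a threshold above ERROR and no handler of its own:
<logger category="org.jboss.security.authentication.JBossCachedAuthenticationManager">
    <level name="FATAL"/>
</logger>
-->
```

Routing the failures to their own file keeps the record used to spot repeated failed logins while leaving server.log quiet.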