Uploaded image for project: 'PicketBox '
  1. PicketBox
  2. SECURITY-978

Remove DEBUG message in server logs while calling isCallerInRole(String roleName) method

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Major Major
    • None
    • None
    • None
    • None

      While explicitly checking the user roles in the ejb code using context.isCallerInRole(String roleName) and when it return false below exception message got printed at the DEBUG level in server.log file.

      2017-09-13 21:10:24,549 DEBUG [org.jboss.security] sessionhash="b34cb4c5c50e3eefbe4f924ee42fa658" requestid="33015X1505317224509" username="adm2.lg" src_ip="127.0.0.1" PBOX00326: isCallerInRole processing failed: org.jboss.security.authorization.AuthorizationException: PBOX00017: Acces denied: authorization failed 
    at org.jboss.security.plugins.authorization.JBossAuthorizationContext.invokeAuthorize(JBossAuthorizationContext.java:274)
    at org.jboss.security.plugins.authorization.JBossAuthorizationContext.access$000(JBossAuthorizationContext.java:71)
    at org.jboss.security.plugins.authorization.JBossAuthorizationContext$1.run(JBossAuthorizationContext.java:147)
    at java.security.AccessController.doPrivileged(Native Method)
    at org.jboss.security.plugins.authorization.JBossAuthorizationContext.authorize(JBossAuthorizationContext.java:143)
    at org.jboss.security.plugins.JBossAuthorizationManager.internalAuthorization(JBossAuthorizationManager.java:438)
    at org.jboss.security.plugins.JBossAuthorizationManager.authorize(JBossAuthorizationManager.java:115)
    at org.jboss.security.plugins.javaee.EJBAuthorizationHelper.isCallerInRole(EJBAuthorizationHelper.java:187)
    at org.jboss.as.security.service.SimpleSecurityManager.isCallerInRole(SimpleSecurityManager.java:229)
    at org.jboss.as.ejb3.component.EJBComponent.isCallerInRole(EJBComponent.java:400)
    at org.jboss.as.ejb3.context.EJBContextImpl.isCallerInRole(EJBContextImpl.java:115)

      The exception seems to be printed in DEBUG in the below line 

       https://github.com/picketbox/picketbox/blob/master/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/javaee/EJBAuthorizationHelper.java#L193

      This should not be logged as an exception message may be just a line in DEBUG logs should be enough.

            rhn-support-ivassile Ilia Vassilev
            rhn-support-ivassile Ilia Vassilev
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: