geronimo-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From yosemite <kmic...@hotmail.com>
Subject Re: How to stop logging of webservice authentication failure
Date Sat, 19 Sep 2009 14:37:06 GMT

Hello
This problem never went away in Geronimo 2.1.4 - Jetty, maybe it's some
Jetty logging configuration, I was not persistent enough to find exactly
what :-)
Karel



yosemite wrote:
> 
> Hello all,
> 
> I have a @Stateless acting as @WebService configured in openejb-jar.xml
> like
> 
> 	<ejb:enterprise-beans>
> 		<ejb:session>
> 			<ejb:ejb-name>TimeBean</ejb:ejb-name>
> 			<ejb:web-service-security>
> 				<ejb:security-realm-name>MyRealm</ejb:security-realm-name>
> 				<ejb:transport-guarantee>NONE</ejb:transport-guarantee>
> 				<ejb:auth-method>BASIC</ejb:auth-method>
> 				<http-method>POST</http-method>
> 				<http-method>PUT</http-method>
> 			</ejb:web-service-security>
> 		</ejb:session>
> 	</ejb:enterprise-beans>
> 
> Which works perfect if user credentials passed to webservice are right.
> But if the credentials are wrong (wrong password), it tells the client
> "The server sent HTTP status code 401: Unauthorized" but also logs in
> geronimo.log:
> 
> 2009-08-23 14:16:03,531 WARN  [log] AUTH FAILURE: user tester1
> 2009-08-23 14:16:03,531 WARN  [log] Committed before 403 null
> 2009-08-23 14:16:03,531 ERROR [log] handle failed
> java.lang.IllegalStateException: Committed
> 	at org.mortbay.jetty.Response.resetBuffer(Response.java:995)
> 	at org.mortbay.jetty.Response.sendError(Response.java:240)
> 	at
> org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:521)
> 	at
> org.mortbay.jetty.HttpConnection$RequestHandler.content(HttpConnection.java:842)
> 	at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:648)
> 	at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:211)
> 	at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:380)
> 	at
> org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:395)
> 	at org.apache.geronimo.pool.ThreadPool$1.run(ThreadPool.java:214)
> 	at
> org.apache.geronimo.pool.ThreadPool$ContextClassLoaderRunnable.run(ThreadPool.java:344)
> 	at
> java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
> 	at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
> 	at java.lang.Thread.run(Thread.java:619)
> 
> How to avoid this log, how to handle to IllegalStateException and where,
> please?
> 
> If I use the same realm in the web app, this section in web.xml
> 
>     <realm-name>MyRealm</realm-name>
>     <form-login-config>
>       <form-login-page>/login.jsp</form-login-page>
>       <form-error-page>/loginError.jsp</form-error-page>
>     </form-login-config>
>   </login-config>
> 
> bumps to loginError if password is wrong, and then the log entry is just
> 
> WARN  [log] AUTH FAILURE: user tester1
> 
> (i.e.no IllegalStateException)
> 
> Any help appreciated.
> Karel
> 
> 
> 

-- 
View this message in context: http://www.nabble.com/How-to-stop-logging-of-webservice-authentication-failure-tp25102983s134p25522154.html
Sent from the Apache Geronimo - Users mailing list archive at Nabble.com.


Mime
View raw message