  1. Karaf
  2. KARAF-3860

fix [KARAF-3373] Log lower level root cause exception in LDAPLoginModule.doLogin()

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.4.2, 4.0.0
    • Fix Version/s: 2.3.12, 3.0.5, 4.0.1, 2.4.4
    • Component/s: karaf
    • Flags: Patch

      Description

      There were several lines of code introduced by KARAF-3373:

              } catch (CommunicationException ce) {
                  // explicitly catch CommunicationException as it may wrap a lower level root cause.
                  String rootCause = null;
                  if (ce.getRootCause() != null)
                      rootCause = ce.getRootCause().getMessage();
                  logger.warn("Can't connect to the LDAP server: {}", ce.getMessage(), rootCause);
                  throw new LoginException("Can't connect to the LDAP server: " + ce.getMessage());
              } catch (Exception e) {
                  logger.warn("Can't connect to the LDAP server: {}", e.getMessage(), e);
                  throw new LoginException("Can't connect to the LDAP server: " + e.getMessage());
              }
      

      but in the case of an empty trust store, the logs contained only "anonymous bind failed":

      2015-07-17 10:40:13,786 | WARN  | qtp1137020936-97 | HttpChannel                      | 84 - org.eclipse.jetty.util - 9.2.10.v20150310 | Could not send response error 500: java.lang.IllegalStateException: Committed                                                                                                                                                                      
      2015-07-17 10:40:17,478 | WARN  | qtp1137020936-98 | LDAPLoginModule                  | 35 - org.apache.karaf.jaas.modules - 4.0.1.SNAPSHOT | Can't connect to the LDAP server: anonymous bind failed: some.ldap.host:636                                                                                                                                                              
      2015-07-17 10:40:17,479 | ERROR | qtp1137020936-98 | JaasSecurityProvider             | 109 - org.apache.karaf.webconsole.console - 4.0.1.SNAPSHOT | General Security Exception
      javax.security.auth.login.LoginException: Can't connect to the LDAP server: anonymous bind failed: some.ldap.host.com:636 
      

      Please consider the attached patch, as it logs all exceptions along with the stack trace.

      2015-07-17 10:53:44,270 | WARN  | qtp149032581-115 | LDAPLoginModule                  | 35 - org.apache.karaf.jaas.modules - 4.0.1.SNAPSHOT | Can't connect to the LDAP server: anonymous bind failed: some.ldap.host.com:636                                                                                                                                                           
      javax.naming.CommunicationException: anonymous bind failed: some.ldap.host.com:636  [Root exception is javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty]                                                                                                            
      ...
      ...
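
The gap reported above, reproduced with JDK classes only (an added example, not Karaf code and not the attached patch). The exception chain is constructed to mirror the second log excerpt; `RootCauseDemo` and `describeChain` are hypothetical names.

```java
import java.security.InvalidAlgorithmParameterException;
import java.util.Collections;
import java.util.IdentityHashMap;
import java.util.Set;
import javax.naming.CommunicationException;
import javax.net.ssl.SSLException;

public class RootCauseDemo {

    /** Flattens a throwable and its causes into one line; stops on cycles or after maxDepth links. */
    static String describeChain(Throwable t, int maxDepth) {
        Set<Throwable> seen = Collections.newSetFromMap(new IdentityHashMap<>());
        StringBuilder sb = new StringBuilder();
        for (int depth = 0; t != null && depth < maxDepth && seen.add(t); depth++) {
            if (sb.length() > 0) sb.append(" <- ");
            sb.append(t.getClass().getName()).append(": ").append(t.getMessage());
            t = t.getCause(); // for a NamingException this is the same object as getRootCause()
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // Constructed chain mirroring the one in the issue's second log excerpt.
        Throwable anchors = new InvalidAlgorithmParameterException(
                "the trustAnchors parameter must be non-empty");
        Throwable runtime = new RuntimeException("Unexpected error: " + anchors, anchors);
        SSLException ssl = new SSLException(runtime);
        CommunicationException ce =
                new CommunicationException("anonymous bind failed: some.ldap.host.com:636");
        ce.setRootCause(ssl);

        // What the original WARN line carried: only the top-level message.
        System.out.println("message only : " + ce.getMessage());
        // One level down, the value the first catch block stores in rootCause.
        System.out.println("root cause   : " + ce.getRootCause().getMessage());
        // Full chain, which exposes the empty-trust-store condition.
        System.out.println("full chain   : " + describeChain(ce, 8));
    }
}
```

The first line of output contains nothing about TLS, while the last one ends at the `InvalidAlgorithmParameterException`, which is the detail an operator needs to tell a trust store misconfiguration from an unreachable server.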
      

        Attachments

        1. KARAF-3860-improve-logging.patch
          2 kB
          Josef Ludvíček

              People

              • Assignee: ffang Freeman Yue Fang
              • Reporter: ludvicekj Josef Ludvíček