Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-44209

Unnecessary logging with failed login attempt using AuthVerifier pipeline

Details

    Description

      Failed login attempts (with wrong password for example) using AutoLogin classes as part of the AuthVerifier pipeline will log the exception below. Portal shouldn't log messages for failed login attempts.

      To reproduce, access "http://localhost:8080/api/jsonws/group/get-user-sites" using basic authentication with an incorrect password (several browser plugins available to modify the headers).

      12:25:08,710 ERROR [http-bio-8080-exec-25][AuthVerifierPipeline:334] Skipping com.liferay.portal.security.auth.BasicAuthHeaderAutoLogin
      com.liferay.portal.security.auth.AuthException: com.liferay.portal.security.auth.AutoLoginException: com.liferay.portal.security.auth.AuthException
      at com.liferay.portal.security.auth.BasicAuthHeaderAutoLogin.verify(BasicAuthHeaderAutoLogin.java:116)
      at com.liferay.portal.security.auth.AuthVerifierPipeline._verifyRequest(AuthVerifierPipeline.java:325)
      at com.liferay.portal.security.auth.AuthVerifierPipeline.verifyRequest(AuthVerifierPipeline.java:75)
      at com.liferay.portal.security.ac.AccessControlImpl.verifyRequest(AccessControlImpl.java:96)
      at com.liferay.portal.security.ac.AccessControlUtil.verifyRequest(AccessControlUtil.java:69)
      at com.liferay.portal.servlet.filters.authverifier.AuthVerifierFilter.processFilter(AuthVerifierFilter.java:134)
      at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:59)
      at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:204)
      at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:109)
      at com.liferay.portal.kernel.servlet.BaseFilter.processFilter(BaseFilter.java:169)
      at com.liferay.portal.servlet.filters.jsoncontenttype.JSONContentTypeFilter.processFilter(JSONContentTypeFilter.java:42)
      at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:59)
      at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:204)
      at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:109)
      at com.liferay.portal.kernel.servlet.BaseFilter.processFilter(BaseFilter.java:169)
      at com.liferay.portal.servlet.filters.sso.ntlm.NtlmPostFilter.processFilter(NtlmPostFilter.java:83)
      at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:59)
      at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:204)
      at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:109)
      at com.liferay.portal.kernel.servlet.BaseFilter.processFilter(BaseFilter.java:169)
      at com.liferay.portal.sharepoint.SharepointFilter.processFilter(SharepointFilter.java:88)
      at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:59)
      at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:204)
      at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:109)
      at com.liferay.portal.kernel.servlet.BaseFilter.processFilter(BaseFilter.java:169)
      at com.liferay.portal.servlet.filters.virtualhost.VirtualHostFilter.processFilter(VirtualHostFilter.java:226)
      at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:59)
      at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:204)
      at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:109)
      at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDirectCallFilter(InvokerFilterChain.java:185)
      at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:96)
      at org.tuckey.web.filters.urlrewrite.UrlRewriteFilter.doFilter(UrlRewriteFilter.java:738)
      at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:204)
      at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:109)
      at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDirectCallFilter(InvokerFilterChain.java:165)
      at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:96)
      at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDirectCallFilter(InvokerFilterChain.java:165)
      at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:96)
      at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDirectCallFilter(InvokerFilterChain.java:185)
      at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:96)
      at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilter.doFilter(InvokerFilter.java:97)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
      at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:225)
      at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:169)
      at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
      at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
      at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
      at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927)
      at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
      at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
      at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:999)
      at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:565)
      at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:307)
      at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
      at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
      at java.lang.Thread.run(Thread.java:722)
      Caused by: com.liferay.portal.security.auth.AutoLoginException: com.liferay.portal.security.auth.AuthException
      at com.liferay.portal.security.auth.BaseAutoLogin.doHandleException(BaseAutoLogin.java:88)
      at com.liferay.portal.security.auth.BaseAutoLogin.handleException(BaseAutoLogin.java:41)
      at com.liferay.portal.security.auth.BaseAutoLogin.login(BaseAutoLogin.java:53)
      at com.liferay.portal.security.auth.BasicAuthHeaderAutoLogin.verify(BasicAuthHeaderAutoLogin.java:83)
      ... 56 more
      Caused by: com.liferay.portal.security.auth.AuthException
      at com.liferay.portlet.login.util.LoginUtil.getAuthenticatedUserId(LoginUtil.java:150)
      at com.liferay.portal.security.auth.BasicAuthHeaderAutoLogin.doLogin(BasicAuthHeaderAutoLogin.java:172)
      at com.liferay.portal.security.auth.BaseAutoLogin.login(BaseAutoLogin.java:50)
      ... 57 more

      Attachments

        Issue Links

          Activity

            People

              michael.young Michael Young (Inactive)
              dennis.ju Dennis Ju (Inactive)
              Kiyoshi Lee Kiyoshi Lee
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:
                8 years, 34 weeks, 6 days ago

                Packages

                  Version Package
                  6.2.3 CE GA4
                  6.2.X EE
                  7.0.0 M1