Tomcat日志充满了JAAS LoginExceptions

时间:2017-06-15 14:05:20

标签: tomcat jaas

Tomcat和我的自定义JAAS LoginModule工作正常,但每次输入错误的凭据时,整个LoginException都会写入日志。根据定义,LoginModule必须在身份验证失败时抛出LoginException(返回false意味着"忽略此模块")但为什么会记录它们以及如何禁用此行为? 

15-Jun-2017 15:56:18.464 WARNUNG [http-nio-8080-exec-10] org.apache.catalina.realm.JAASRealm.authenticate Login exception authenticating username "pali"
 javax.security.auth.login.LoginException: Authentication failed
    at at.sheldor5.tr.web.module.authentication.LoginModuleImpl.login(LoginModuleImpl.java:72)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at javax.security.auth.login.LoginContext.invoke(LoginContext.java:755)
    at javax.security.auth.login.LoginContext.access$000(LoginContext.java:195)
    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682)
    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
    at javax.security.auth.login.LoginContext.login(LoginContext.java:587)
    at org.apache.catalina.realm.JAASRealm.authenticate(JAASRealm.java:425)
    at org.apache.catalina.realm.JAASRealm.authenticate(JAASRealm.java:342)
    at org.apache.catalina.authenticator.FormAuthenticator.doAuthenticate(FormAuthenticator.java:264)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:556)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
    at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:624)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:349)
    at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:783)
    at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
    at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:798)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1434)
    at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.lang.Thread.run(Thread.java:748)

1 个答案:

答案 0 :(得分:-1)

抛出javax.security.auth.login.FailedLoginException而不是一般的LoginException,它将不会被记录。

相关问题
最新问题