Home Explore Help
Sign In
lqb
/
elasticsearch
mirror of https://gitee.com/mirrors/elasticsearch.git
1
0
Fork 0
Files Issues 0 Wiki
Browse Source

[Kerberos] Add debug log statement for exceptions (#32663)

This commit adds missing debug log statements for exceptions
that occur during ticket validation. I thought these
get logged somewhere else in authentication chain
but even after enabling trace logs I could not see them
logged. As the Kerberos exception messages are cryptic
adding full stack trace would help debugging faster.
Yogesh Gaikwad 7 years ago
parent
38ec0ff6ca
commit
8114646e12
1 changed files with 3 additions and 0 deletions
Split View Show Diff Stats
  1. 3 0
      x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/kerberos/KerberosRealm.java

+ 3 - 0
x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/kerberos/KerberosRealm.java
View File 

@@ -179,12 +179,15 @@ public final class KerberosRealm extends Realm implements CachingRealm {
 
 
     private void handleException(Exception e, final ActionListener<AuthenticationResult> listener) {
 
         if (e instanceof LoginException) {
 
+            logger.debug("failed to authenticate user, service login failure", e);
 
             listener.onResponse(AuthenticationResult.terminate("failed to authenticate user, service login failure",
 
                     unauthorized(e.getLocalizedMessage(), e)));
 
         } else if (e instanceof GSSException) {
 
+            logger.debug("failed to authenticate user, gss context negotiation failure", e);
 
             listener.onResponse(AuthenticationResult.terminate("failed to authenticate user, gss context negotiation failure",
 
                     unauthorized(e.getLocalizedMessage(), e)));
 
         } else {
 
+            logger.debug("failed to authenticate user", e);
 
             listener.onFailure(e);
 
         }
 
     }