From 85a8e1e3f496508a75d75feeaafbf948152064b0 Mon Sep 17 00:00:00 2001 From: Yogesh Gaikwad Date: Tue, 7 Aug 2018 14:18:40 +1000 Subject: [PATCH] [Kerberos] Add debug log statement for exceptions This commit adds missing debug log statements for exceptions that occur during ticket validation. I thought these get logged somewhere else in authentication chain but even after enabling trace logs I could not see them logged. As the Kerberos exception messages are cryptic adding full stack trace would help debugging faster. --- .../xpack/security/authc/kerberos/KerberosRealm.java | 3 +++ 1 file changed, 3 insertions(+) diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/kerberos/KerberosRealm.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/kerberos/KerberosRealm.java index dc38f1f78c0ac..53146203ee2f1 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/kerberos/KerberosRealm.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/kerberos/KerberosRealm.java @@ -179,12 +179,15 @@ protected String maybeRemoveRealmName(final String principalName) { private void handleException(Exception e, final ActionListener listener) { if (e instanceof LoginException) { + logger.debug("failed to authenticate user, service login failure", e); listener.onResponse(AuthenticationResult.terminate("failed to authenticate user, service login failure", unauthorized(e.getLocalizedMessage(), e))); } else if (e instanceof GSSException) { + logger.debug("failed to authenticate user, gss context negotiation failure", e); listener.onResponse(AuthenticationResult.terminate("failed to authenticate user, gss context negotiation failure", unauthorized(e.getLocalizedMessage(), e))); } else { + logger.debug("failed to authenticate user", e); listener.onFailure(e); } }