From cd7ad1d582fdc04d7c369ab45308136f86cc7a97 Mon Sep 17 00:00:00 2001 From: Andrey Ershov Date: Mon, 26 Aug 2019 13:52:22 +0200 Subject: [PATCH 1/3] Remove stack trace logging in SecurityTransportExceptionHandler --- .../transport/SecurityTransportExceptionHandler.java | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/transport/SecurityTransportExceptionHandler.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/transport/SecurityTransportExceptionHandler.java index ecc55fb47523f..3c29419cb410a 100644 --- a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/transport/SecurityTransportExceptionHandler.java +++ b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/transport/SecurityTransportExceptionHandler.java @@ -33,18 +33,10 @@ public void accept(TcpChannel channel, Exception e) { logger.warn("received plaintext traffic on an encrypted channel, closing connection {}", channel); CloseableChannel.closeChannel(channel); } else if (SSLExceptionHelper.isCloseDuringHandshakeException(e)) { - if (logger.isTraceEnabled()) { - logger.trace(new ParameterizedMessage("connection {} closed during ssl handshake", channel), e); - } else { - logger.debug("connection {} closed during handshake", channel); - } + logger.debug("connection {} closed during handshake", channel); CloseableChannel.closeChannel(channel); } else if (SSLExceptionHelper.isReceivedCertificateUnknownException(e)) { - if (logger.isTraceEnabled()) { - logger.trace(new ParameterizedMessage("client did not trust server's certificate, closing connection {}", channel), e); - } else { - logger.warn("client did not trust this server's certificate, closing connection {}", channel); - } + logger.warn("client did not trust this server's certificate, closing connection {}", channel); CloseableChannel.closeChannel(channel); } else { fallback.accept(channel, e); From c750e27c85a62a91c26d107706015d4c02c72e79 Mon Sep 17 00:00:00 2001 From: Andrey Ershov Date: Mon, 26 Aug 2019 14:16:02 +0200 Subject: [PATCH 2/3] SecurityHttpExceptionHandler --- .../SecurityHttpExceptionHandler.java | 20 +++---------------- 1 file changed, 3 insertions(+), 17 deletions(-) diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/transport/SecurityHttpExceptionHandler.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/transport/SecurityHttpExceptionHandler.java index d49c05f334460..bfb36c82b3e62 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/transport/SecurityHttpExceptionHandler.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/transport/SecurityHttpExceptionHandler.java @@ -35,27 +35,13 @@ public void accept(HttpChannel channel, Exception e) { } if (isNotSslRecordException(e)) { - if (logger.isTraceEnabled()) { - logger.trace(new ParameterizedMessage("received plaintext http traffic on an https channel, closing connection {}", - channel), e); - } else { - logger.warn("received plaintext http traffic on an https channel, closing connection {}", channel); - } + logger.warn("received plaintext http traffic on an https channel, closing connection {}", channel); CloseableChannel.closeChannel(channel); } else if (isCloseDuringHandshakeException(e)) { - if (logger.isTraceEnabled()) { - logger.trace(new ParameterizedMessage("connection {} closed during ssl handshake", channel), e); - } else { - logger.debug("connection {} closed during ssl handshake", channel); - } + logger.debug("connection {} closed during ssl handshake", channel); CloseableChannel.closeChannel(channel); } else if (isReceivedCertificateUnknownException(e)) { - if (logger.isTraceEnabled()) { - logger.trace(new ParameterizedMessage("http client did not trust server's certificate, closing connection {}", - channel), e); - } else { - logger.warn("http client did not trust this server's certificate, closing connection {}", channel); - } + logger.warn("http client did not trust this server's certificate, closing connection {}", channel); CloseableChannel.closeChannel(channel); } else { fallback.accept(channel, e); From f2a076b7a8347c0640219a9be370acbf085ed5e3 Mon Sep 17 00:00:00 2001 From: Andrey Ershov Date: Mon, 26 Aug 2019 15:56:31 +0200 Subject: [PATCH 3/3] Unused import --- .../security/transport/SecurityTransportExceptionHandler.java | 1 - .../xpack/security/transport/SecurityHttpExceptionHandler.java | 1 - 2 files changed, 2 deletions(-) diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/transport/SecurityTransportExceptionHandler.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/transport/SecurityTransportExceptionHandler.java index 3c29419cb410a..44789e81ce960 100644 --- a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/transport/SecurityTransportExceptionHandler.java +++ b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/transport/SecurityTransportExceptionHandler.java @@ -6,7 +6,6 @@ package org.elasticsearch.xpack.core.security.transport; import org.apache.logging.log4j.Logger; -import org.apache.logging.log4j.message.ParameterizedMessage; import org.elasticsearch.common.component.Lifecycle; import org.elasticsearch.common.network.CloseableChannel; import org.elasticsearch.transport.TcpChannel; diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/transport/SecurityHttpExceptionHandler.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/transport/SecurityHttpExceptionHandler.java index bfb36c82b3e62..761d9e1428dd0 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/transport/SecurityHttpExceptionHandler.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/transport/SecurityHttpExceptionHandler.java @@ -6,7 +6,6 @@ package org.elasticsearch.xpack.security.transport; import org.apache.logging.log4j.Logger; -import org.apache.logging.log4j.message.ParameterizedMessage; import org.elasticsearch.common.component.Lifecycle; import org.elasticsearch.common.network.CloseableChannel; import org.elasticsearch.http.HttpChannel;