Maybe tone down the level of panic when somebody types their SSH password in incorrectly...

Description

If I try to log into a C4 node using SSH and enter the wrong password, etc., this is logged:

[ERROR] 2019-02-17T14:25:43,703Z [Thread-4 (activemq-netty-threads)] artemis.Bro
kerJaasLoginModule.login - Login failed: org.apache.shiro.authc.IncorrectCredent
ialsException: Submitted credentials for token [org.apache.shiro.authc.UsernameP
asswordToken - user1, rememberMe=false] did not match the expected credentials.
[errorCode=heaxee, moreInformationAt=https://errors.corda.net/OS/4.0-RC05/heaxee
]
javax.security.auth.login.FailedLoginException: org.apache.shiro.authc.Incorrect
CredentialsException: Submitted credentials for token [org.apache.shiro.authc.Us
ernamePasswordToken - user1, rememberMe=false] did not match the expected creden
tials.
at net.corda.node.internal.security.RPCSecurityManagerImpl.authenticate(
RPCSecurityManagerImpl.kt:55) ~[corda-node-4.0-RC05.jar:?]
at net.corda.node.internal.security.RPCSecurityManagerWithAdditionalUser
.authenticate(RPCSecurityManagerWithAdditionalUser.kt:23) ~[corda-node-4.0-RC05.
jar:?]
at net.corda.node.internal.artemis.BrokerJaasLoginModule.authenticateAnd
Authorise(BrokerJaasLoginModule.kt:147) ~[corda-node-4.0-RC05.jar:?]
at net.corda.node.internal.artemis.BrokerJaasLoginModule.login(BrokerJaa
sLoginModule.kt:99) ~[corda-node-4.0-RC05.jar:?]
at sun.reflect.GeneratedMethodAccessor256.invoke(Unknown Source) ~[?:?]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces
sorImpl.java:43) ~[?:1.8.0_171]
at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_171]
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:755)
~[?:1.8.0_171]
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:1
95) ~[?:1.8.0_171]
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682) ~[?:1.8.0_171]
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680) ~[?:1.8.0_171]
at java.security.AccessController.doPrivileged(Native Method) ~[?:1.8.0_171]
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680) ~[?:1.8.0_171]
at javax.security.auth.login.LoginContext.login(LoginContext.java:587) ~[?:1.8.0_171]
at org.apache.activemq.artemis.spi.core.security.ActiveMQJAASSecurityManager.getAuthenticatedSubject(ActiveMQJAASSecurityManager.java:187) ~[artemis-server-2.6.2.jar:2.6.2]

<another billion lines elided>

ERROR? Really? Do we need the stack trace?

Also - we print this IN RED to the console:

[ERROR] 14:25:43+0000 [Thread-4 (activemq-netty-threads)] artemis.BrokerJaasLoginModule.login - Login failed: org.apache.shiro.authc.IncorrectCredentialsException: Submitted credentials for token [org.apache.shiro.authc.UsernamePasswordToken - user1, rememberMe=false] did not match the expected credentials. [errorCode=heaxee, moreInformationAt=https://errors.corda.net/OS/4.0-RC05/heaxee]

Maybe tone it down a little?

Status

Assignee

Tudor Malene

Reporter

Richard G Brown

Labels

None

Priority

Medium

Fix versions

Ported to...

None

Feature Team

Corda Core

CVSS Vector

None

Severity

Medium

Affects versions

Configure