Replace EJBAccessException stacktrace logged by JBoss

Asked 4/2, 2016 at 12:54 Answered 16/2, 2016 at 14:42

I have a REST endpoint in my application that is protected with EJB security.

@Path("/somepath")
@Produces(MediaType.APPLICATION_JSON)
@Stateless
@SecurityDomain("mydomain")
@RolesAllowed({"user"})
public class MyResource extends AbstractResource

If user's session times out web-app doesn't know that and if I try to interact with it it gets 403 FORBIDDEN which is completely OK. But in server log this error looks like this:

14:47:52,682 ERROR [org.jboss.ejb3.invocation] (http--127.0.0.1-8080-5) JBAS014134: EJB Invocation failed on component MyResource for method public java.lang.String MyResource.getSupplies(): javax.ejb.EJBAccessException: JBAS014502: Invocation on method: public java.lang.String MyResource.getSupplies() of bean: MyResource is not allowed
        at org.jboss.as.ejb3.security.AuthorizationInterceptor.processInvocation(AuthorizationInterceptor.java:101) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final]
        at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]
        at org.jboss.as.ejb3.security.SecurityContextInterceptor.processInvocation(SecurityContextInterceptor.java:76) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final]
        at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]
        at org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:59) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final]
        at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]
        at org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final]
        at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]
        at org.jboss.as.ejb3.component.interceptors.AdditionalSetupInterceptor.processInvocation(AdditionalSetupInterceptor.java:32) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final]
        at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]
        at org.jboss.as.ee.component.TCCLInterceptor.processInvocation(TCCLInterceptor.java:45) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final]
        at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]
        at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]
        at org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:165) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final]
        at org.jboss.as.ee.component.ViewDescription$1.processInvocation(ViewDescription.java:173) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final]
        at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]
        at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]
        at org.jboss.as.ee.component.ProxyInvocationHandler.invoke(ProxyInvocationHandler.java:72) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final]
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_55]
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_55]
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_55]
        at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_55]

These messages are so long and so useless. I want to replace them in log with something like "WARN: Unauthorized access" plus maybe some additional data, but no stack trace. I have no idea how to do it since this message is logged by JBoss. Would appreciate an advice how can I achieve the desired!

Accrete answered 4/2, 2016 at 12:54 Comment(3)

You can reduce noise in your stacktraces if you use Logback for logging. From version 1.13 upwards, it can filter stacktraces (this feature is still not documented). E. g. <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender"> <encoder> <pattern>%m%n%rEx{full, org.jboss., sun.reflect. }</pattern> </encoder> </appender> – Templet 16/2, 2016 at 14:32

Hi, did you manage to replace the stacktrace? – Eloquent 7/10, 2019 at 18:16

hi @GustavoUlisesAriasMéndez. Honestly I don't remember. It was 3.5 years ago and I switched jobs and projects several times. Though answer that I awarded a bounty makes sense IMO – Accrete 8/10, 2019 at 10:2

My research showed that one possible solution is to use Container Interceptors which existed in earlier versions of JBoss AS and appeared again in JBoss AS 7.2. But there's no such thing in 7.1.1 and by coincidence that is my version of JBoss. Until my boss decides that we should move to WildFly I am opening a bounty just in case someone has alternative solution ( NO, I will not compile my own JBoss AS with patches).

Accrete answered 9/2, 2016 at 15:2 Comment(3)

This does not provide an answer to the question. To critique or request clarification from an author, leave a comment below their post. - From Review – Kemeny 9/2, 2016 at 15:48

I am an author. Unfortunately this is a most valid answer so far. And I will have to accept own answer sooner or later unless someone proposes solution for JBoss 7.1.1. I don't like to leave my own questions without answers so I posted the only answer I have. You are welcomed to submit another. – Accrete 9/2, 2016 at 16:27

As I promised I am accepting own answer. No one has suggested working solution. Most people didn't even try being too busy voting to close this answer. Still there's some time left for anyone who wants the reward. – Accrete 16/2, 2016 at 10:59

You should register an ExceptionMapper with RestEasy and do what you want in that handler.

ExceptionMappers are custom, application provided, components that can catch thrown application exceptions and write specific HTTP responses

You register them in the web.xml:

<context-param>
        <param-name>resteasy.providers</param-name>
        <param-value>fully.qualified.package.to.your.CustomEJBAccessExceptionMapper</param-value>
</context-param>

Mcmasters answered 9/2, 2016 at 15:8 Comment(1)

I'm sorry, but this won't work since exception mappers come in play much much later. Authorization is handled by EJBs in my case and happens before calling RestEasy methods. ExceptionMapper was the first thing on my mind too. – Accrete 9/2, 2016 at 16:24

I want to replace them in log with something like "WARN: Unauthorized access" plus maybe some additional data

JBoss supports custom loggers. I'm not sure whether you can configure it's logging to have effect on each and every class, but if it is possible, tuning your logging (instead of interceptors and so on) is a natural way to go.

Templet answered 16/2, 2016 at 14:42 Comment(4)

There is a chance that this approach will help to remove stack-traces.But what about custom message? – Accrete 17/2, 2016 at 13:32

I'm not an JBoss expert, but I guess that if you implement custom logger, you'll be able to write custom message to the log – Templet 17/2, 2016 at 14:38

I have only 18 minutes left to assign a reward. This approach is unexpected, but has a right to exist. I think it deserves some RP. – Accrete 17/2, 2016 at 14:48

Modern logger libraries can go way beyond System.out.println, it would be unwise to not take their features into account. Also, your own question is half the answer: you said 'I want to replace them in log...'. And - thanks :) – Templet 17/2, 2016 at 14:56

Recommended topics

Hot tags