Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Reduce JWT error logging in WebSockets #303

Closed
ledsoft opened this issue Oct 2, 2024 · 0 comments · Fixed by #319
Closed

Reduce JWT error logging in WebSockets #303

ledsoft opened this issue Oct 2, 2024 · 0 comments · Fixed by #319
Assignees
@lukaskabc

Comments

@ledsoft
Copy link
Contributor

ledsoft commented Oct 2, 2024

Currently, WebSocket connectors pollute the log with repeated exceptions regarding expired JWTs. This is quite annoying as it is difficult to navigate the log to get to relevant information.

The following exception repeats in the log:

org.springframework.security.authentication.AuthenticationServiceException: JWT expired at 2024-09-24T15:36:49Z. Current time: 2024-10-02T13:57:57Z, a difference of 685268282 milliseconds.  Allowed clock skew: 0 milliseconds.
dss-test_termit-server_1  | 	at org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationProvider.getJwt(JwtAuthenticationProvider.java:106)
dss-test_termit-server_1  | 	at org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationProvider.authenticate(JwtAuthenticationProvider.java:88)
dss-test_termit-server_1  | 	at cz.cvut.kbss.termit.security.WebSocketJwtAuthorizationInterceptor.process(WebSocketJwtAuthorizationInterceptor.java:71)
dss-test_termit-server_1  | 	at cz.cvut.kbss.termit.security.WebSocketJwtAuthorizationInterceptor.preSend(WebSocketJwtAuthorizationInterceptor.java:45)
dss-test_termit-server_1  | 	at org.springframework.messaging.support.AbstractMessageChannel$ChannelInterceptorChain.applyPreSend(AbstractMessageChannel.java:181)
dss-test_termit-server_1  | 	at org.springframework.messaging.support.AbstractMessageChannel.send(AbstractMessageChannel.java:135)
dss-test_termit-server_1  | 	at org.springframework.messaging.support.AbstractMessageChannel.send(AbstractMessageChannel.java:125)
dss-test_termit-server_1  | 	at org.springframework.web.socket.messaging.StompSubProtocolHandler.handleMessageFromClient(StompSubProtocolHandler.java:343)
dss-test_termit-server_1  | 	at org.springframework.web.socket.messaging.SubProtocolWebSocketHandler.handleMessage(SubProtocolWebSocketHandler.java:356)
dss-test_termit-server_1  | 	at org.springframework.web.socket.handler.WebSocketHandlerDecorator.handleMessage(WebSocketHandlerDecorator.java:75)
dss-test_termit-server_1  | 	at org.springframework.web.socket.handler.LoggingWebSocketHandlerDecorator.handleMessage(LoggingWebSocketHandlerDecorator.java:56)
dss-test_termit-server_1  | 	at org.springframework.web.socket.handler.ExceptionWebSocketHandlerDecorator.handleMessage(ExceptionWebSocketHandlerDecorator.java:58)
dss-test_termit-server_1  | 	at org.springframework.web.socket.adapter.standard.StandardWebSocketHandlerAdapter.handleTextMessage(StandardWebSocketHandlerAdapter.java:113)
dss-test_termit-server_1  | 	at org.springframework.web.socket.adapter.standard.StandardWebSocketHandlerAdapter$3.onMessage(StandardWebSocketHandlerAdapter.java:84)
dss-test_termit-server_1  | 	at org.springframework.web.socket.adapter.standard.StandardWebSocketHandlerAdapter$3.onMessage(StandardWebSocketHandlerAdapter.java:81)
dss-test_termit-server_1  | 	at org.apache.tomcat.websocket.WsFrameBase.sendMessageText(WsFrameBase.java:390)
dss-test_termit-server_1  | 	at org.apache.tomcat.websocket.server.WsFrameServer.sendMessageText(WsFrameServer.java:130)
dss-test_termit-server_1  | 	at org.apache.tomcat.websocket.WsFrameBase.processDataText(WsFrameBase.java:484)
dss-test_termit-server_1  | 	at org.apache.tomcat.websocket.WsFrameBase.processData(WsFrameBase.java:284)
dss-test_termit-server_1  | 	at org.apache.tomcat.websocket.WsFrameBase.processInputBuffer(WsFrameBase.java:130)
dss-test_termit-server_1  | 	at org.apache.tomcat.websocket.server.WsFrameServer.onDataAvailable(WsFrameServer.java:85)
dss-test_termit-server_1  | 	at org.apache.tomcat.websocket.server.WsFrameServer.doOnDataAvailable(WsFrameServer.java:184)
dss-test_termit-server_1  | 	at org.apache.tomcat.websocket.server.WsFrameServer.notifyDataAvailable(WsFrameServer.java:164)
dss-test_termit-server_1  | 	at org.apache.tomcat.websocket.server.WsHttpUpgradeHandler.upgradeDispatch(WsHttpUpgradeHandler.java:152)
dss-test_termit-server_1  | 	at org.apache.coyote.http11.upgrade.UpgradeProcessorInternal.dispatch(UpgradeProcessorInternal.java:60)
dss-test_termit-server_1  | 	at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:57)
dss-test_termit-server_1  | 	at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:904)
dss-test_termit-server_1  | 	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1741)
dss-test_termit-server_1  | 	at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52)
dss-test_termit-server_1  | 	at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1190)
dss-test_termit-server_1  | 	at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)
dss-test_termit-server_1  | 	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:63)
dss-test_termit-server_1  | 	at java.base/java.lang.Thread.run(Thread.java:840)
dss-test_termit-server_1  | Caused by: org.springframework.security.oauth2.jwt.JwtException: JWT expired at 2024-09-24T15:36:49Z. Current time: 2024-10-02T13:57:57Z, a difference of 685268282 milliseconds.  Allowed clock skew: 0 milliseconds.
dss-test_termit-server_1  | 	at cz.cvut.kbss.termit.security.TermitJwtDecoder.decode(TermitJwtDecoder.java:57)
dss-test_termit-server_1  | 	at org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationProvider.getJwt(JwtAuthenticationProvider.java:99)
dss-test_termit-server_1  | 	... 32 common frames omitted
dss-test_termit-server_1  | Caused by: cz.cvut.kbss.termit.exception.TokenExpiredException: JWT expired at 2024-09-24T15:36:49Z. Current time: 2024-10-02T13:57:57Z, a difference of 685268282 milliseconds.  Allowed clock skew: 0 milliseconds.
dss-test_termit-server_1  | 	at cz.cvut.kbss.termit.security.JwtUtils.getClaimsFromToken(JwtUtils.java:150)
dss-test_termit-server_1  | 	at cz.cvut.kbss.termit.security.TermitJwtDecoder.decode(TermitJwtDecoder.java:38)
dss-test_termit-server_1  | 	... 33 common frames omitted
lukaskabc added a commit to lukaskabc/termit that referenced this issue Nov 30, 2024
@lukaskabc
[Bug kbss-cvut#303] Silence JWT exception from websocket connection a…
7921462 
…nd match log level with HTTP authentication exception logging
lukaskabc added a commit to lukaskabc/termit that referenced this issue Nov 30, 2024
@lukaskabc
[Bug kbss-cvut#303] Update websocket security tests to reflect new ex…
7b7a2c2 
…ception handling
@lukaskabc lukaskabc mentioned this issue Nov 30, 2024
Merged
@lukaskabc lukaskabc linked a pull request Nov 30, 2024 that will close this issue
[Bug #303] Reduce JWT error logging in WebSockets #319
Merged
lukaskabc added a commit to lukaskabc/termit that referenced this issue Dec 8, 2024
@lukaskabc
[Bug kbss-cvut#303] Add comments to WebSocketExceptionHandler#delegat…
2e9e224 
…e methods and additionally check exception based on annotation value
ledsoft pushed a commit that referenced this issue Dec 8, 2024
@lukaskabc @ledsoft
[Bug #303] Silence JWT exception from websocket connection and match …
3ef98de 
…log level with HTTP authentication exception logging
ledsoft pushed a commit that referenced this issue Dec 8, 2024
@lukaskabc @ledsoft
[Bug #303] Update websocket security tests to reflect new exception h…
9ce778f 
…andling
ledsoft pushed a commit that referenced this issue Dec 8, 2024
@lukaskabc @ledsoft
[Bug #303] Add comments to WebSocketExceptionHandler#delegate methods…
c4bfa3f 
… and additionally check exception based on annotation value
@ledsoft ledsoft closed this as completed Dec 8, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@lukaskabc lukaskabc

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[Bug #303] Reduce JWT error logging in WebSockets lukaskabc/termit
2 participants
@ledsoft @lukaskabc