How to suppress AuthorizationLoggerListener Authorization failed warnings in logs
Platform Notice: Server and Data Center Only - This article only applies to Atlassian products on the server and data center platforms.
The following warning message appears every time someone tries to access Bamboo and:
- The person is not logged into the application.
- The application is not set to allow anonymous access.
2016-05-19 12:16:30,076 WARN [http-nio-8085-exec-10] [AuthorizationLoggerListener] Authorization failed: org.acegisecurity.AccessDeniedException: Access is denied; authenticated principal: org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken@90545b24: Username: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@12afc: RemoteIpAddress: 127.0.0.1; SessionId: 9009636C1598DF73F10F42AC9C238B5C; Granted Authorities: ROLE_ANONYMOUS; secure object: com.atlassian.bamboo.webwork.StarterAction@5f36e48; configuration attributes: [WW_READ, GLOBAL_READ]
The person is then redirected to the Bamboo Login page. If anonymous access is allowed, this does not show up in the logs.
It is possible to suppress these entries if you would like to omit them from your logs.
- Open your
log4j.propertiesfile, which is located at
Add the following property to the end of the file:
- Restart Bamboo for the new property to take effect