How to suppress AuthorizationLoggerListener Authorization failed warnings in logs

Still need help?

The Atlassian Community is here for you.

Ask the community

Platform Notice: Server and Data Center Only - This article only applies to Atlassian products on the server and data center platforms.

Purpose

The following warning message appears every time someone tries to access Bamboo and:

  1. The person is not logged into the application.
  2. The application is not set to allow anonymous access.
2016-05-19 12:16:30,076 WARN [http-nio-8085-exec-10] [AuthorizationLoggerListener] Authorization failed: org.acegisecurity.AccessDeniedException: Access is denied; authenticated principal: org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken@90545b24: Username: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@12afc: RemoteIpAddress: 127.0.0.1; SessionId: 9009636C1598DF73F10F42AC9C238B5C; Granted Authorities: ROLE_ANONYMOUS; secure object: com.atlassian.bamboo.webwork.StarterAction@5f36e48; configuration attributes: [WW_READ, GLOBAL_READ]

The person is then redirected to the Bamboo Login page. If anonymous access is allowed, this does not show up in the logs.

It is possible to suppress these entries if you would like to omit them from your logs.

Solution

  1. Open your log4j.properties file, which is located at $BAMBOO_INSTALL/atlassian-bamboo/WEB-INF/classes/log4j.properties
  2. Add the following property to the end of the file: 

    log4j.category.com.atlassian.bamboo.security.acegi.acls.AuthorizationLoggerListener=ERROR
  3. Restart Bamboo for the new property to take effect


Last modified on Jan 12, 2021

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.