From 2a1f833d2b412b5f2abab4316c424d5e09983343 Mon Sep 17 00:00:00 2001
From: fickludd <johan.teleman@neotechnology.com>
Date: Tue, 20 Sep 2016 10:30:18 +0200
Subject: [PATCH] Fix: removed log stack trace on authentication failure

Removed logging of auth events in bolt
---
 .../org/neo4j/bolt/BoltKernelExtension.java   |  6 +-
 .../security/auth/BasicAuthentication.java    |  8 +--
 .../runtime/BoltConnectionAuthFatality.java   | 31 +++++++++
 .../runtime/BoltProtocolBreachFatality.java   | 31 +++++++++
 .../bolt/v1/runtime/BoltStateMachine.java     | 22 +++---
 .../concurrent/RunnableBoltWorker.java        | 20 ++++--
 .../auth/BasicAuthenticationTest.java         | 29 +++-----
 .../concurrent/RunnableBoltWorkerTest.java    | 68 ++++++++++++++++++-
 .../v1/runtime/integration/SessionRule.java   | 23 +++----
 9 files changed, 179 insertions(+), 59 deletions(-)
 create mode 100644 community/bolt/src/main/java/org/neo4j/bolt/v1/runtime/BoltConnectionAuthFatality.java
 create mode 100644 community/bolt/src/main/java/org/neo4j/bolt/v1/runtime/BoltProtocolBreachFatality.java

diff --git a/community/bolt/src/main/java/org/neo4j/bolt/BoltKernelExtension.java b/community/bolt/src/main/java/org/neo4j/bolt/BoltKernelExtension.java
index 0b5085b6d83dd..6b9811a1f2113 100644
--- a/community/bolt/src/main/java/org/neo4j/bolt/BoltKernelExtension.java
+++ b/community/bolt/src/main/java/org/neo4j/bolt/BoltKernelExtension.java
@@ -153,7 +153,7 @@ public Lifecycle newInstance( KernelContext context, Dependencies dependencies )
 
         Netty4LogBridge.setLogProvider( logService.getInternalLogProvider() );
 
-        Authentication authentication = authentication( dependencies.config(), dependencies.authManager(), logService );
+        Authentication authentication = authentication( dependencies.authManager() );
 
         BoltFactory boltConnectionManagerFactory = life.add(
                 new LifecycleManagedBoltFactory( api, dependencies.usageData(), logService, dependencies.txBridge(),
@@ -274,8 +274,8 @@ private KeyStoreInformation createKeyStore( Configuration config, Log log, Adver
         return new KeyStoreFactory().createKeyStore( privateKeyPath, certificatePath );
     }
 
-    private Authentication authentication( Config config, AuthManager authManager, LogService logService )
+    private Authentication authentication( AuthManager authManager )
     {
-        return new BasicAuthentication( authManager, logService.getInternalLogProvider() );
+        return new BasicAuthentication( authManager );
     }
 }
diff --git a/community/bolt/src/main/java/org/neo4j/bolt/security/auth/BasicAuthentication.java b/community/bolt/src/main/java/org/neo4j/bolt/security/auth/BasicAuthentication.java
index 1209d2626356b..6b2576e5068dc 100644
--- a/community/bolt/src/main/java/org/neo4j/bolt/security/auth/BasicAuthentication.java
+++ b/community/bolt/src/main/java/org/neo4j/bolt/security/auth/BasicAuthentication.java
@@ -29,11 +29,8 @@
 import org.neo4j.kernel.api.security.AuthToken;
 import org.neo4j.kernel.api.exceptions.InvalidArgumentsException;
 import org.neo4j.kernel.api.security.exception.InvalidAuthTokenException;
-import org.neo4j.logging.Log;
-import org.neo4j.logging.LogProvider;
 
 import static org.neo4j.kernel.api.security.AuthToken.NEW_CREDENTIALS;
-import static org.neo4j.kernel.api.security.AuthToken.PRINCIPAL;
 
 /**
  * Performs basic authentication with user name and password.
@@ -41,12 +38,10 @@
 public class BasicAuthentication implements Authentication
 {
     private final AuthManager authManager;
-    private final Log log;
 
-    public BasicAuthentication( AuthManager authManager, LogProvider logProvider )
+    public BasicAuthentication( AuthManager authManager )
     {
         this.authManager = authManager;
-        this.log = logProvider.getLog( getClass() );
     }
 
     @Override
@@ -76,7 +71,6 @@ private AuthenticationResult doAuthenticate( Map<String,Object> authToken ) thro
             case TOO_MANY_ATTEMPTS:
                 throw new AuthenticationException( Status.Security.AuthenticationRateLimit );
             default:
-                log.warn( "Failed authentication attempt for '%s'", AuthToken.safeCast( PRINCIPAL, authToken ) );
                 throw new AuthenticationException( Status.Security.Unauthorized );
             }
 
diff --git a/community/bolt/src/main/java/org/neo4j/bolt/v1/runtime/BoltConnectionAuthFatality.java b/community/bolt/src/main/java/org/neo4j/bolt/v1/runtime/BoltConnectionAuthFatality.java
new file mode 100644
index 0000000000000..d9d4d57bf70fe
--- /dev/null
+++ b/community/bolt/src/main/java/org/neo4j/bolt/v1/runtime/BoltConnectionAuthFatality.java
@@ -0,0 +1,31 @@
+/*
+ * Copyright (c) 2002-2016 "Neo Technology,"
+ * Network Engine for Objects in Lund AB [http://neotechnology.com]
+ *
+ * This file is part of Neo4j.
+ *
+ * Neo4j is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package org.neo4j.bolt.v1.runtime;
+
+/**
+ * Indicates that bolt connection has been fatally misused and therefore the server should close the connection.
+ */
+public class BoltConnectionAuthFatality extends BoltConnectionFatality
+{
+    public BoltConnectionAuthFatality( String message )
+    {
+        super( message );
+    }
+}
diff --git a/community/bolt/src/main/java/org/neo4j/bolt/v1/runtime/BoltProtocolBreachFatality.java b/community/bolt/src/main/java/org/neo4j/bolt/v1/runtime/BoltProtocolBreachFatality.java
new file mode 100644
index 0000000000000..fcb8107674460
--- /dev/null
+++ b/community/bolt/src/main/java/org/neo4j/bolt/v1/runtime/BoltProtocolBreachFatality.java
@@ -0,0 +1,31 @@
+/*
+ * Copyright (c) 2002-2016 "Neo Technology,"
+ * Network Engine for Objects in Lund AB [http://neotechnology.com]
+ *
+ * This file is part of Neo4j.
+ *
+ * Neo4j is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package org.neo4j.bolt.v1.runtime;
+
+/**
+ * Indicates that bolt connection has been fatally misused and therefore the server should close the connection.
+ */
+public class BoltProtocolBreachFatality extends BoltConnectionFatality
+{
+    public BoltProtocolBreachFatality( String message )
+    {
+        super( message );
+    }
+}
diff --git a/community/bolt/src/main/java/org/neo4j/bolt/v1/runtime/BoltStateMachine.java b/community/bolt/src/main/java/org/neo4j/bolt/v1/runtime/BoltStateMachine.java
index deb0e1ff60ebd..4a79ae470dfbb 100644
--- a/community/bolt/src/main/java/org/neo4j/bolt/v1/runtime/BoltStateMachine.java
+++ b/community/bolt/src/main/java/org/neo4j/bolt/v1/runtime/BoltStateMachine.java
@@ -344,12 +344,12 @@ public State init( BoltStateMachine machine, String userAgent,
                         catch ( AuthenticationException e )
                         {
                             fail( machine, new Neo4jError( e.status(), e.getMessage() ) );
-                            throw new BoltConnectionFatality( e.getMessage() );
+                            throw new BoltConnectionAuthFatality( e.getMessage() );
                         }
-                        catch ( Throwable e )
+                        catch ( Throwable t )
                         {
-                            fail( machine, new Neo4jError( Status.General.UnknownError, e.getMessage() ) );
-                            throw new BoltConnectionFatality( e.getMessage() );
+                            fail( machine, new Neo4jError( Status.General.UnknownError, t.getMessage() ) );
+                            throw new BoltConnectionFatality( t.getMessage() );
                         }
                     }
                 },
@@ -551,14 +551,14 @@ public State init( BoltStateMachine machine, String userAgent, Map<String, Objec
         {
             String msg = "INIT cannot be handled by a session in the " + name() + " state.";
             fail( machine, new Neo4jError( Status.Request.Invalid, msg ) );
-            throw new BoltConnectionFatality( msg );
+            throw new BoltProtocolBreachFatality( msg );
         }
 
         public State ackFailure( BoltStateMachine machine ) throws BoltConnectionFatality
         {
             String msg = "ACK_FAILURE cannot be handled by a session in the " + name() + " state.";
             fail( machine, new Neo4jError( Status.Request.Invalid, msg ) );
-            throw new BoltConnectionFatality( msg );
+            throw new BoltProtocolBreachFatality( msg );
         }
 
         public State interrupt( BoltStateMachine machine ) throws BoltConnectionFatality
@@ -567,14 +567,14 @@ public State interrupt( BoltStateMachine machine ) throws BoltConnectionFatality
             // a RESET message.
             String msg = "RESET cannot be handled by a session in the " + name() + " state.";
             fail( machine, new Neo4jError( Status.Request.Invalid, msg ) );
-            throw new BoltConnectionFatality( msg );
+            throw new BoltProtocolBreachFatality( msg );
         }
 
         public State reset( BoltStateMachine machine ) throws BoltConnectionFatality
         {
             String msg = "RESET cannot be handled by a session in the " + name() + " state.";
             fail( machine, new Neo4jError( Status.Request.Invalid, msg ) );
-            throw new BoltConnectionFatality( msg );
+            throw new BoltProtocolBreachFatality( msg );
         }
 
         public State run( BoltStateMachine machine, String statement, Map<String, Object> params ) throws
@@ -582,21 +582,21 @@ public State run( BoltStateMachine machine, String statement, Map<String, Object
         {
             String msg = "RUN cannot be handled by a session in the " + name() + " state.";
             fail( machine, new Neo4jError( Status.Request.Invalid, msg ) );
-            throw new BoltConnectionFatality( msg );
+            throw new BoltProtocolBreachFatality( msg );
         }
 
         public State discardAll( BoltStateMachine machine ) throws BoltConnectionFatality
         {
             String msg = "DISCARD_ALL cannot be handled by a session in the " + name() + " state.";
             fail( machine, new Neo4jError( Status.Request.Invalid, msg ) );
-            throw new BoltConnectionFatality( msg );
+            throw new BoltProtocolBreachFatality( msg );
         }
 
         public State pullAll( BoltStateMachine machine ) throws BoltConnectionFatality
         {
             String msg = "PULL_ALL cannot be handled by a session in the " + name() + " state.";
             fail( machine, new Neo4jError( Status.Request.Invalid, msg ) );
-            throw new BoltConnectionFatality( msg );
+            throw new BoltProtocolBreachFatality( msg );
         }
 
         State resetMachine( BoltStateMachine machine ) throws BoltConnectionFatality
diff --git a/community/bolt/src/main/java/org/neo4j/bolt/v1/runtime/concurrent/RunnableBoltWorker.java b/community/bolt/src/main/java/org/neo4j/bolt/v1/runtime/concurrent/RunnableBoltWorker.java
index e2dff61a00832..954b45db8609c 100644
--- a/community/bolt/src/main/java/org/neo4j/bolt/v1/runtime/concurrent/RunnableBoltWorker.java
+++ b/community/bolt/src/main/java/org/neo4j/bolt/v1/runtime/concurrent/RunnableBoltWorker.java
@@ -19,7 +19,9 @@
  */
 package org.neo4j.bolt.v1.runtime.concurrent;
 
+import org.neo4j.bolt.v1.runtime.BoltConnectionAuthFatality;
 import org.neo4j.bolt.v1.runtime.BoltConnectionFatality;
+import org.neo4j.bolt.v1.runtime.BoltProtocolBreachFatality;
 import org.neo4j.bolt.v1.runtime.BoltStateMachine;
 import org.neo4j.bolt.v1.runtime.BoltWorker;
 import org.neo4j.bolt.v1.runtime.Job;
@@ -94,12 +96,21 @@ public void run()
                 }
             }
         }
-        catch ( Throwable e )
+        catch ( BoltConnectionAuthFatality e )
+        {
+            // this is logged in the SecurityLog
+        }
+        catch ( BoltProtocolBreachFatality e )
+        {
+            log.error( "Bolt protocol breach in session '" + machine.key() + "'" );
+        }
+        catch ( Throwable t )
         {
-            log.error( "Worker for session '" + machine.key() + "' crashed: " + e.getMessage(), e );
             userLog.error( "Fatal, worker for session '" + machine.key() + "' crashed. Please" +
-                           " contact your support representative if you are unable to resolve this.", e );
-
+                           " contact your support representative if you are unable to resolve this.", t );
+        }
+        finally
+        {
             // Attempt to close the session, as an effort to release locks and other resources held by the session
             machine.close();
         }
@@ -118,7 +129,6 @@ private void execute( Job job ) throws BoltConnectionFatality
     {
         if ( job == SHUTDOWN )
         {
-            machine.close();
             keepRunning = false;
         }
         else
diff --git a/community/bolt/src/test/java/org/neo4j/bolt/security/auth/BasicAuthenticationTest.java b/community/bolt/src/test/java/org/neo4j/bolt/security/auth/BasicAuthenticationTest.java
index e6276c9253883..d9b2fb0fac683 100644
--- a/community/bolt/src/test/java/org/neo4j/bolt/security/auth/BasicAuthenticationTest.java
+++ b/community/bolt/src/test/java/org/neo4j/bolt/security/auth/BasicAuthenticationTest.java
@@ -28,8 +28,6 @@
 import org.neo4j.kernel.api.exceptions.Status;
 import org.neo4j.kernel.api.security.AuthenticationResult;
 import org.neo4j.kernel.api.security.exception.InvalidAuthTokenException;
-import org.neo4j.logging.Log;
-import org.neo4j.logging.LogProvider;
 import org.neo4j.server.security.auth.BasicAuthManager;
 import org.neo4j.server.security.auth.BasicAuthSubject;
 import org.neo4j.server.security.auth.PasswordPolicy;
@@ -40,7 +38,6 @@
 import static org.junit.Assert.assertTrue;
 import static org.mockito.Matchers.anyMap;
 import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.when;
 import static org.neo4j.helpers.collection.MapUtil.map;
 
@@ -55,7 +52,7 @@ public void shouldNotDoAnythingOnSuccess() throws Exception
         // Given
         BasicAuthManager manager = mock( BasicAuthManager.class );
         BasicAuthSubject authSubject = mock( BasicAuthSubject.class );
-        BasicAuthentication authentication = new BasicAuthentication( manager, mock( LogProvider.class )  );
+        BasicAuthentication authentication = new BasicAuthentication( manager );
         when( manager.login( anyMap() ) ).thenReturn( authSubject );
         when( authSubject.getAuthenticationResult() ).thenReturn( AuthenticationResult.SUCCESS );
 
@@ -71,10 +68,7 @@ public void shouldThrowAndLogOnFailure() throws Exception
         // Given
         BasicAuthManager manager = mock( BasicAuthManager.class );
         BasicAuthSubject authSubject = mock( BasicAuthSubject.class );
-        Log log = mock( Log.class );
-        LogProvider logProvider = mock( LogProvider.class );
-        when( logProvider.getLog( BasicAuthentication.class ) ).thenReturn( log );
-        BasicAuthentication authentication = new BasicAuthentication( manager, logProvider );
+        BasicAuthentication authentication = new BasicAuthentication( manager );
         when( manager.login( anyMap() ) ).thenReturn( authSubject );
         when( authSubject.getAuthenticationResult() ).thenReturn( AuthenticationResult.FAILURE );
 
@@ -85,9 +79,6 @@ public void shouldThrowAndLogOnFailure() throws Exception
 
         // When
         authentication.authenticate( map( "scheme", "basic", "principal", "bob", "credentials", "secret" ) );
-
-        //Then
-        verify( log ).warn( "Failed authentication attempt for 'bob')" );
     }
 
     @Test
@@ -96,7 +87,7 @@ public void shouldIndicateThatCredentialsExpired() throws Exception
         // Given
         BasicAuthManager manager = mock( BasicAuthManager.class );
         BasicAuthSubject authSubject = mock( BasicAuthSubject.class );
-        BasicAuthentication authentication = new BasicAuthentication( manager, mock( LogProvider.class ) );
+        BasicAuthentication authentication = new BasicAuthentication( manager );
         when( manager.login( anyMap() ) ).thenReturn( authSubject );
         when( authSubject.getAuthenticationResult() ).thenReturn( AuthenticationResult.PASSWORD_CHANGE_REQUIRED );
 
@@ -114,7 +105,7 @@ public void shouldFailWhenTooManyAttempts() throws Exception
         // Given
         BasicAuthManager manager = mock( BasicAuthManager.class );
         BasicAuthSubject authSubject = mock( BasicAuthSubject.class );
-        BasicAuthentication authentication = new BasicAuthentication( manager, mock( LogProvider.class ) );
+        BasicAuthentication authentication = new BasicAuthentication( manager );
         when( manager.login( anyMap() ) ).thenReturn( authSubject );
         when( authSubject.getAuthenticationResult() ).thenReturn( AuthenticationResult.TOO_MANY_ATTEMPTS );
 
@@ -133,7 +124,7 @@ public void shouldBeAbleToUpdateCredentials() throws Exception
         // Given
         BasicAuthManager manager = mock( BasicAuthManager.class );
         BasicAuthSubject authSubject = mock( BasicAuthSubject.class );
-        BasicAuthentication authentication = new BasicAuthentication( manager, mock( LogProvider.class ) );
+        BasicAuthentication authentication = new BasicAuthentication( manager );
         when( manager.login( anyMap() ) ).thenReturn( authSubject );
         when( authSubject.getAuthenticationResult() ).thenReturn( AuthenticationResult.SUCCESS );
 
@@ -150,7 +141,7 @@ public void shouldBeAbleToUpdateExpiredCredentials() throws Exception
         // Given
         BasicAuthManager manager = mock( BasicAuthManager.class );
         BasicAuthSubject authSubject = mock( BasicAuthSubject.class );
-        BasicAuthentication authentication = new BasicAuthentication( manager, mock( LogProvider.class ) );
+        BasicAuthentication authentication = new BasicAuthentication( manager );
         when( manager.login( anyMap() ) ).thenReturn( authSubject );
         when( authSubject.getAuthenticationResult() ).thenReturn( AuthenticationResult.PASSWORD_CHANGE_REQUIRED );
 
@@ -167,7 +158,7 @@ public void shouldNotBeAbleToUpdateCredentialsIfOldCredentialsAreInvalid() throw
         // Given
         BasicAuthManager manager = mock( BasicAuthManager.class );
         BasicAuthSubject authSubject = mock( BasicAuthSubject.class );
-        BasicAuthentication authentication = new BasicAuthentication( manager, mock( LogProvider.class ) );
+        BasicAuthentication authentication = new BasicAuthentication( manager );
         when( manager.login( anyMap() ) ).thenReturn( authSubject );
         when( authSubject.getAuthenticationResult() ).thenReturn( AuthenticationResult.FAILURE );
 
@@ -187,7 +178,7 @@ public void shouldThrowWithNoScheme() throws Exception
         // Given
         BasicAuthManager manager = mock( BasicAuthManager.class );
         BasicAuthSubject authSubject = mock( BasicAuthSubject.class );
-        BasicAuthentication authentication = new BasicAuthentication( manager, mock( LogProvider.class ) );
+        BasicAuthentication authentication = new BasicAuthentication( manager );
         when( manager.login( anyMap() ) ).thenThrow( new InvalidAuthTokenException( "foo" ) );
         when( authSubject.getAuthenticationResult() ).thenReturn( AuthenticationResult.SUCCESS );
 
@@ -205,7 +196,7 @@ public void shouldFailOnUnknownScheme() throws Exception
         // Given
         BasicAuthManager manager = mock( BasicAuthManager.class );
         BasicAuthSubject authSubject = mock( BasicAuthSubject.class );
-        BasicAuthentication authentication = new BasicAuthentication( manager, mock( LogProvider.class ) );
+        BasicAuthentication authentication = new BasicAuthentication( manager );
         when( manager.login( anyMap() ) ).thenThrow( new InvalidAuthTokenException( "foo" ) );
         when( authSubject.getAuthenticationResult() ).thenReturn( AuthenticationResult.SUCCESS );
 
@@ -224,7 +215,7 @@ public void shouldFailOnMalformedToken() throws Exception
         BasicAuthManager manager = new BasicAuthManager( mock( UserRepository.class), mock( PasswordPolicy.class ),
                 FakeClock.systemUTC() );
         BasicAuthSubject authSubject = mock( BasicAuthSubject.class );
-        BasicAuthentication authentication = new BasicAuthentication( manager, mock( LogProvider.class ) );
+        BasicAuthentication authentication = new BasicAuthentication( manager );
         when( authSubject.getAuthenticationResult() ).thenReturn( AuthenticationResult.SUCCESS );
 
         // Expect
diff --git a/community/bolt/src/test/java/org/neo4j/bolt/v1/runtime/concurrent/RunnableBoltWorkerTest.java b/community/bolt/src/test/java/org/neo4j/bolt/v1/runtime/concurrent/RunnableBoltWorkerTest.java
index fc3e07fcf6054..05ae9e6c7bb9f 100644
--- a/community/bolt/src/test/java/org/neo4j/bolt/v1/runtime/concurrent/RunnableBoltWorkerTest.java
+++ b/community/bolt/src/test/java/org/neo4j/bolt/v1/runtime/concurrent/RunnableBoltWorkerTest.java
@@ -19,19 +19,47 @@
  */
 package org.neo4j.bolt.v1.runtime.concurrent;
 
+import org.junit.Before;
 import org.junit.Test;
+
+import org.neo4j.bolt.v1.runtime.BoltConnectionAuthFatality;
+import org.neo4j.bolt.v1.runtime.BoltProtocolBreachFatality;
 import org.neo4j.bolt.v1.runtime.BoltStateMachine;
+import org.neo4j.kernel.impl.logging.LogService;
 import org.neo4j.kernel.impl.logging.NullLogService;
+import org.neo4j.logging.AssertableLogProvider;
 
 import static org.mockito.Mockito.*;
+import static org.neo4j.logging.AssertableLogProvider.inLog;
 
 public class RunnableBoltWorkerTest
 {
+
+    private AssertableLogProvider internalLog;
+    private AssertableLogProvider userLog;
+    private LogService logService;
+    private BoltStateMachine machine;
+
+    @Before
+    public void setup()
+    {
+        internalLog = new AssertableLogProvider();
+        userLog = new AssertableLogProvider();
+        logService = mock( LogService.class );
+        when( logService.getUserLogProvider() ).thenReturn( userLog );
+        when( logService.getUserLog( RunnableBoltWorker.class ) )
+                .thenReturn( userLog.getLog( RunnableBoltWorker.class ) );
+        when( logService.getInternalLogProvider() ).thenReturn( internalLog );
+        when( logService.getInternalLog( RunnableBoltWorker.class ) )
+                .thenReturn( internalLog.getLog( RunnableBoltWorker.class ) );
+        machine = mock( BoltStateMachine.class );
+        when( machine.key() ).thenReturn( "test-session" );
+    }
+
     @Test
     public void shouldExecuteWorkWhenRun() throws Throwable
     {
         // Given
-        BoltStateMachine machine = mock( BoltStateMachine.class );
         RunnableBoltWorker worker = new RunnableBoltWorker( machine, NullLogService.getInstance() );
         worker.enqueue( s -> s.run( "Hello, world!", null, null ) );
         worker.enqueue( RunnableBoltWorker.SHUTDOWN );
@@ -49,7 +77,6 @@ public void shouldExecuteWorkWhenRun() throws Throwable
     public void errorThrownDuringExecutionShouldCauseSessionClose() throws Throwable
     {
         // Given
-        BoltStateMachine machine = mock( BoltStateMachine.class );
         RunnableBoltWorker worker = new RunnableBoltWorker( machine, NullLogService.getInstance() );
         worker.enqueue( s -> {
             throw new RuntimeException( "It didn't work out." );
@@ -61,4 +88,41 @@ public void errorThrownDuringExecutionShouldCauseSessionClose() throws Throwable
         // Then
         verify( machine ).close();
     }
+
+    @Test
+    public void authExceptionShouldNotBeLoggedHere() throws Throwable
+    {
+        // Given
+        RunnableBoltWorker worker = new RunnableBoltWorker( machine, logService );
+        worker.enqueue( s -> {
+            throw new BoltConnectionAuthFatality( "fatality" );
+        } );
+
+        // When
+        worker.run();
+
+        // Then
+        verify( machine ).close();
+        internalLog.assertNone( inLog( RunnableBoltWorker.class ).any() );
+        userLog.assertNone( inLog( RunnableBoltWorker.class ).any() );
+    }
+
+    @Test
+    public void protocolBreachesShouldBeLoggedWithoutStackTraces() throws Throwable
+    {
+        // Given
+        RunnableBoltWorker worker = new RunnableBoltWorker( machine, logService );
+        worker.enqueue( s -> {
+            throw new BoltProtocolBreachFatality( "protocol breach fatality" );
+        } );
+
+        // When
+        worker.run();
+
+        // Then
+        verify( machine ).close();
+        internalLog.assertExactly( inLog( RunnableBoltWorker.class ).error( "Bolt protocol breach in session " +
+                "'test-session'" ) );
+        userLog.assertNone( inLog( RunnableBoltWorker.class ).any() );
+    }
 }
diff --git a/community/bolt/src/test/java/org/neo4j/bolt/v1/runtime/integration/SessionRule.java b/community/bolt/src/test/java/org/neo4j/bolt/v1/runtime/integration/SessionRule.java
index 61cdb2752ec86..d377f461088f3 100644
--- a/community/bolt/src/test/java/org/neo4j/bolt/v1/runtime/integration/SessionRule.java
+++ b/community/bolt/src/test/java/org/neo4j/bolt/v1/runtime/integration/SessionRule.java
@@ -36,15 +36,12 @@
 import org.neo4j.bolt.security.auth.BasicAuthentication;
 import org.neo4j.bolt.v1.runtime.BoltStateMachine;
 import org.neo4j.bolt.v1.runtime.LifecycleManagedBoltFactory;
-import org.neo4j.bolt.v1.transport.integration.Neo4jWithSocket;
 import org.neo4j.graphdb.DependencyResolver;
 import org.neo4j.graphdb.config.Setting;
 import org.neo4j.graphdb.factory.GraphDatabaseSettings;
 import org.neo4j.kernel.api.bolt.BoltConnectionTracker;
 import org.neo4j.kernel.api.security.AuthManager;
-import org.neo4j.kernel.configuration.Config;
 import org.neo4j.kernel.impl.core.ThreadToStatementContextBridge;
-import org.neo4j.kernel.impl.logging.LogService;
 import org.neo4j.kernel.impl.logging.NullLogService;
 import org.neo4j.kernel.impl.transaction.log.TransactionIdStore;
 import org.neo4j.kernel.internal.GraphDatabaseAPI;
@@ -70,13 +67,15 @@ public void evaluate() throws Throwable
                 config.put( GraphDatabaseSettings.auth_enabled, Boolean.toString( authEnabled ) );
                 gdb = (GraphDatabaseAPI) new TestGraphDatabaseFactory().newImpermanentDatabase( config );
                 DependencyResolver resolver = gdb.getDependencyResolver();
-                LogService logService = NullLogService.getInstance();
-
-                Authentication authentication = authentication( resolver.resolveDependency( Config.class ),
-                        resolver.resolveDependency( AuthManager.class ), logService );
-                boltFactory = new LifecycleManagedBoltFactory( gdb, new UsageData( null ), logService,
-                                resolver.resolveDependency( ThreadToStatementContextBridge.class ),
-                                authentication, BoltConnectionTracker.NOOP );
+                Authentication authentication = authentication( resolver.resolveDependency( AuthManager.class ) );
+                boltFactory = new LifecycleManagedBoltFactory(
+                                        gdb,
+                                        new UsageData( null ),
+                                        NullLogService.getInstance(),
+                                        resolver.resolveDependency( ThreadToStatementContextBridge.class ),
+                                        authentication,
+                                        BoltConnectionTracker.NOOP
+                                    );
                 boltFactory.start();
                 try
                 {
@@ -99,9 +98,9 @@ public void evaluate() throws Throwable
         };
     }
 
-    private Authentication authentication( Config config, AuthManager authManager, LogService logService )
+    private Authentication authentication( AuthManager authManager )
     {
-        return new BasicAuthentication( authManager, logService.getInternalLogProvider() );
+        return new BasicAuthentication( authManager );
     }
 
     BoltStateMachine newMachine( String connectionDescriptor )