Krzysztof Koziol (Migrated from SEC-1919) said:
When LDAP server is not available AuthenticationServiceException should be logged on the ERROR level not on DEBUG.
Rob Winch said:
First, I agree that we need to handle this particular instance of AuthenticationServiceException differently. However, we should not log all AuthenticationServiceExceptions at an error level as this can allow a type of Denial of Service (DoS) attack. For example, if an OpenID Provider (OP) fails to authenticate a user an AuthenticationServiceException is thrown. This means that users that have setup their own OP or are knowledgeable enough to construct URLs that look like an OP can hit the server hard and fill up the error logs. The IO of the logging can slow the service down significantly, not to mention it can fill up the disk. In short, for scenarios where an external entity fails we still should log at debug level to prevent this sort of behavior.
For this specific JIRA, the communication is with the LDAP server. The LDAP Server should be a trusted entity (i.e. it won't fail just to fill up our logs) and so we should handle this situation with quite a bit more noise. The solution we are using is that we will create a new Exception that extends the AuthenticationServiceException named InternalAuthenticationServiceException. The new Exception will be thrown by the LDAP tier and logged as an error by the web tier.
Krzysztof Koziol said:
I agree, introducing the new InternalAuthenticationServiceException that will be logged as an error would work for me.
Thanks for your feedback :)