Skip to main content
Version Pentaho
Hitachi Vantara Lumada and Pentaho Documentation

Log Output Analysis

  1. Last updated
  2. Save as PDF

The information you need to look for in pentaho.log in order to troubleshoot security configuration problems should be fairly self-evident. If you are having trouble, consult the examples below.

When you request a page that is protected but you are not yet logged in, you should see an exception in the log which looks like this:

DEBUG [ExceptionTranslationFilter] Access is denied (user is anonymous);
            redirecting to authentication entry point org.springframework.security.AccessDeniedException:
            Access is denied

When the user name and/or password doesn't match what's stored in the back end, you should see a log message like this:

WARN [LoggerListener] Authentication event
            AuthenticationFailureBadCredentialsEvent: suzy; details:
            org.springframework.security.ui.WebAuthenticationDetails@fffd148a: RemoteIpAddress: 127.0.0.1;
            SessionId: 976C95033136070E0200D6DA26CB0277; exception: Bad credentials

When the user name and password match, you should see a log message that looks like the example below. After the InteractiveAuthenticationSuccessEvent, one of the filters will show the roles fetched for the authenticated user. Compare these roles to the page-role mapping found in the filterInvocationInterceptor bean in applicationContext-spring-security.xml.

WARN [LoggerListener] Authentication event InteractiveAuthenticationSuccessEvent:
            suzy; details: org.springframework.security.ui.WebAuthenticationDetails@fffd148a: RemoteIpAddress:
            127.0.0.1; SessionId: 976C95033136070E0200D6DA26CB0277 DEBUG
            [HttpSessionContextIntegrationFilter] SecurityContext stored to HttpSession:
            'org.springframework.security.context.SecurityContextImpl@2b86afeb: Authentication:
            org.springframework.security.providers.UsernamePasswordAuthenticationToken@2b86afeb: Username:
            org.springframework.security.userdetails.ldap.LdapUserDetailsImpl@d7f51e; Password: [PROTECTED];
            Authenticated: true; Details: org.springframework.security.ui.WebAuthenticationDetails@fffd148a:
            RemoteIpAddress: 127.0.0.1; SessionId: 976C95033136070E0200D6DA26CB0277; Granted
            Authorities: ROLE_CTO, ROLE_IS, ROLE_AUTHENTICATED'

If you are troubleshooting LDAP problems, look for log output similar to this:

DEBUG [DirMgrBindAuthenticator] (LoggingInterceptor) Return value: LdapUserInfo:
            org.springframework.security.providers.ldap.LdapUserInfo@1f31c64[dn=uid=suzy,ou=users,ou=system,attributes={mail=mail:
            suzy.pentaho@pentaho.org, uid=uid: suzy, userpassword=userpassword: [B@e17c9c,
            businesscategory=businesscategory: cn=cto,ou=roles,ou=system, cn=is,ou=roles,ou=system,
            objectclass=objectClass: organizationalPerson, person, groupOfUniqueNames,
            inetOrgPerson, top, uniquemember=uniquemember: cn=cto, ou=roles, cn = is , ou = roles,
            sn=sn: Pentaho, cn=cn: suzy}]