diff --git a/dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/DefaultUserDetailsService.java b/dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/DefaultUserDetailsService.java index e673725b942f..b2b29a7d583d 100644 --- a/dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/DefaultUserDetailsService.java +++ b/dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/DefaultUserDetailsService.java @@ -89,7 +89,7 @@ public UserDetails loadUserByUsername( String username ) if ( ObjectUtils.anyIsFalse( enabled, credentialsNonExpired, accountNonLocked, accountNonExpired ) ) { - log.info( String.format( + log.debug( String.format( "Login attempt for disabled/locked user: '%s', enabled: %b, account non-expired: %b, credentials non-expired: %b, account non-locked: %b", username, enabled, accountNonExpired, credentialsNonExpired, accountNonLocked ) ); } diff --git a/dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/spring2fa/TwoFactorAuthenticationProvider.java b/dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/spring2fa/TwoFactorAuthenticationProvider.java index 182614df3976..6529265fbfbe 100644 --- a/dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/spring2fa/TwoFactorAuthenticationProvider.java +++ b/dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/spring2fa/TwoFactorAuthenticationProvider.java @@ -115,14 +115,14 @@ public Authentication authenticate( Authentication auth ) if ( securityService.isLocked( username ) ) { - log.info( String.format( "Temporary lockout for user: %s and IP: %s", username, ip ) ); + log.debug( String.format( "Temporary lockout for user: %s and IP: %s", username, ip ) ); throw new LockedException( String.format( "IP is temporarily locked: %s", ip ) ); } if ( !LongValidator.getInstance().isValid( code ) || !SecurityUtils.verify( userCredentials, code ) ) { - log.info( + log.debug( String.format( "Two-factor authentication failure for user: %s", userCredentials.getUsername() ) ); throw new BadCredentialsException( "Invalid verification code" ); diff --git a/dhis-2/dhis-web-api/src/main/java/org/hisp/dhis/webapi/security/config/AuthenticationListener.java b/dhis-2/dhis-web-api/src/main/java/org/hisp/dhis/webapi/security/config/AuthenticationListener.java index 2f475bcee75a..a373b6738739 100644 --- a/dhis-2/dhis-web-api/src/main/java/org/hisp/dhis/webapi/security/config/AuthenticationListener.java +++ b/dhis-2/dhis-web-api/src/main/java/org/hisp/dhis/webapi/security/config/AuthenticationListener.java @@ -76,7 +76,7 @@ public void handleAuthenticationFailure( AbstractAuthenticationFailureEvent even { TwoFactorWebAuthenticationDetails authDetails = (TwoFactorWebAuthenticationDetails) details; - log.info( String.format( "Login attempt failed for remote IP: %s", authDetails.getIp() ) ); + log.debug( String.format( "Login attempt failed for remote IP: %s", authDetails.getIp() ) ); } if ( OAuth2LoginAuthenticationToken.class.isAssignableFrom( auth.getClass() ) ) @@ -93,7 +93,7 @@ public void handleAuthenticationFailure( AbstractAuthenticationFailureEvent even WebAuthenticationDetails tokenDetails = (WebAuthenticationDetails) authenticationToken.getDetails(); String remoteAddress = tokenDetails.getRemoteAddress(); - log.info( String.format( "OIDC login attempt failed for remote IP: %s", remoteAddress ) ); + log.debug( String.format( "OIDC login attempt failed for remote IP: %s", remoteAddress ) ); } securityService.registerFailedLogin( username );