Purpose

The following warning message appears every time someone tries to access Bamboo and:

1. The person is not logged into the application.
2. The application is not set to allow anonymous access.

2016-05-19 12:16:30,076 WARN [http-nio-8085-exec-10] [AuthorizationLoggerListener] Authorization failed: org.acegisecurity.AccessDeniedException: Access is denied; authenticated principal: org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken@90545b24: Username: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@12afc: RemoteIpAddress: 127.0.0.1; SessionId: 9009636C1598DF73F10F42AC9C238B5C; Granted Authorities: ROLE_ANONYMOUS; secure object: com.atlassian.bamboo.webwork.StarterAction@5f36e48; configuration attributes: [WW_READ, GLOBAL_READ]

The person is then redirected to the Bamboo Login page. If anonymous access is allowed, this does not show up in the logs.

It is possible to suppress these entries if you would like to omit them from your logs.

Solution

For Bamboo versions prior 9

1. Open your log4j.properties file, which is located at $BAMBOO_INSTALL/atlassian-bamboo/WEB-INF/classes/log4j.properties

2. Add the following property to the end of the file: 

   log4j.category.com.atlassian.bamboo.security.acegi.acls.AuthorizationLoggerListener=ERROR

3. Restart Bamboo for the new property to take effect

For Bamboo version 9 and above

1. Open your log4j2.properties file, which is located at $BAMBOO_INSTALL/atlassian-bamboo/WEB-INF/classes/log4j2.properties

2. Add the following property to the end of the file: 

   logger.bamboo-acegi.level=ERROR
   logger.bamboo-acegi.name=com.atlassian.bamboo.security.acegi.acls.AuthorizationLoggerListener

3. Restart Bamboo for the new property to take effect