-
Bug
-
Resolution: Fixed
-
Medium
-
8.6.1, 8.5.5
-
19
-
Severity 3 - Minor
-
65
-
Issue Summary
This is reproducible on Data Center: Yes
Steps to Reproduce
- Install 8.6.1 Confluence
- Login to Confluence and perform any action
- atlassian-confluence.log file will be spammed with the below warning messages
Expected Results
Should not spam the log file.
Actual Results
The below exception is thrown in the xxxxxxx.log file:
2023-11-10 19:33:38,617 WARN [http-nio-8090-exec-3 url: /, /dashboard.action; user: admin] [opensymphony.xwork2.ognl.SecurityMemberAccess] isAccessible Access to non-public [protected com.atlassian.confluence.setup.settings.SettingsManager com.atlassian.confluence.core.ConfluenceActionSupport.settingsManager] is blocked! -- url: / | userName: admin | traceId: 3e847c830d995d49 2023-11-10 19:34:13,991 WARN [http-nio-8090-exec-5 url: /display/TEST/New+Page, /pages/viewpage.action; user: admin] [opensymphony.xwork2.ognl.SecurityMemberAccess] isAccessible Access to non-public [protected com.atlassian.confluence.setup.settings.SettingsManager com.atlassian.confluence.core.ConfluenceActionSupport.settingsManager] is blocked! -- url: /display/TEST/New+Page | userName: admin | referer: http://localhost:8090/ | traceId: e3549de2a1869951 2023-11-10 19:34:46,784 WARN [http-nio-8090-exec-7 url: /display/TEST/Test, /pages/viewpage.action; user: admin] [opensymphony.xwork2.ognl.SecurityMemberAccess] isAccessible Access to non-public [protected com.atlassian.confluence.setup.settings.SettingsManager com.atlassian.confluence.core.ConfluenceActionSupport.settingsManager] is blocked! -- page: 98361 | referer: http://localhost:8090/pages/resumedraft.action?draftId=98378&draftShareId=4158ee81-1555-4d7c-a704-13080fe205fd& | traceId: f92e3d5b387400ef | userName: admin | action: viewpage | url: /display/TEST/Test 2023-11-10 19:34:46,827 WARN [http-nio-8090-exec-7 url: /display/TEST/Test, /pages/viewpage.action; user: admin] [opensymphony.xwork2.ognl.SecurityMemberAccess] isAccessible Access to non-public [protected com.atlassian.confluence.setup.settings.SettingsManager com.atlassian.confluence.core.ConfluenceActionSupport.settingsManager] is blocked! -- url: /display/TEST/Test | userName: admin | referer: http://localhost:8090/pages/resumedraft.action?draftId=98378&draftShareId=4158ee81-1555-4d7c-a704-13080fe205fd& | traceId: f92e3d5b387400ef
Workaround
- Edit the <confluence-install-folder>/confluence/WEB-INF/classes/log4j.properties file
- Add these entries at the end of the file:
log4j.logger.com.opensymphony.xwork2.ognl.SecurityMemberAccess=ERROR
- Save the file and restart your Confluence instance.
Hi All,
I'm marking this one as closed as it's been fixed in a previous version of Confluence.
I note some customers reporting the issue in other versions than Confluence 8.6.1. Upon reviewing all of these reports, the log message is similar, but different. The issue itself was problematic as it occurred on every page load, where as the other reports only occur on specific pages making specific calls mostly from plugins. With the other logs entries, the log pollution is much less.
On that basis, I've closed out the ticket.
Thanks,
James Ponting
Engineering Manager - Confluence Data Center