Only log messages from security exceptions

dsyer · dsyer · commit 05f30e2a86a9 · 2026-04-20T14:12:49.000+01:00
Don't return them to the caller, in case a bad actor is probing
for account information.
diff --git a/spring-grpc-core/src/main/java/org/springframework/grpc/server/security/SecurityGrpcExceptionHandler.java b/spring-grpc-core/src/main/java/org/springframework/grpc/server/security/SecurityGrpcExceptionHandler.java
@@ -42,13 +42,13 @@ public class SecurityGrpcExceptionHandler implements GrpcExceptionHandler {
 			if (logger.isDebugEnabled()) {
 				logger.error("Failed to authenticate", exception);
 			}
-			return Status.UNAUTHENTICATED.withDescription(exception.getMessage()).asException();
+			return Status.UNAUTHENTICATED.withDescription("Authentication failed").asException();
 		}
 		if (exception instanceof AccessDeniedException) {
 			if (logger.isDebugEnabled()) {
 				logger.error("Failed to authorize", exception);
 			}
-			return Status.PERMISSION_DENIED.withDescription(exception.getMessage()).asException();
+			return Status.PERMISSION_DENIED.withDescription("Access denied").asException();
 		}
 		return null;
 	}

Original file line number	Diff line number	Diff line change
`@@ -42,13 +42,13 @@ public class SecurityGrpcExceptionHandler implements GrpcExceptionHandler {`
`42`	`42`	`if (logger.isDebugEnabled()) {`
`43`	`43`	`logger.error("Failed to authenticate", exception);`
`44`	`44`	`}`
`45`		`- return Status.UNAUTHENTICATED.withDescription(exception.getMessage()).asException();`
	`45`	`+ return Status.UNAUTHENTICATED.withDescription("Authentication failed").asException();`
`46`	`46`	`}`
`47`	`47`	`if (exception instanceof AccessDeniedException) {`
`48`	`48`	`if (logger.isDebugEnabled()) {`
`49`	`49`	`logger.error("Failed to authorize", exception);`
`50`	`50`	`}`
`51`		`- return Status.PERMISSION_DENIED.withDescription(exception.getMessage()).asException();`
	`51`	`+ return Status.PERMISSION_DENIED.withDescription("Access denied").asException();`
`52`	`52`	`}`
`53`	`53`	`return null;`
`54`	`54`	`}`