RH Bugzilla Integration commented on SECURITY-759:
--------------------------------------------------
Paul Gier <pgier(a)redhat.com> changed the Status of [bug
JASPIServerAuthenticationManager.isValid method should log
configuration problems at WARN or ERROR level
--------------------------------------------------------------------------------------------------------
Key: SECURITY-759
URL: https://issues.jboss.org/browse/SECURITY-759
Project: PicketBox
Issue Type: Enhancement
Security Level: Public(Everyone can see)
Components: JBossSX
Affects Versions: PicketBox_4_0_20.Beta1
Reporter: Stefan Guilhen
Assignee: Stefan Guilhen
Fix For: 2.0.3.Beta2
As reported by Josef Cacek:
All fatal exceptions are swallowed in JASPIServerAuthenticationManager.isValid() method.
{code}
// PicketBox 4.0.9 used in EAP 6.0.0 - TRACE level
catch(AuthException ae)
{
   if(trace)
      log.trace("AuthException:",ae);
}

// PicketBox 4.0.14 - DEBUG level
catch(AuthException ae)
{
   PicketBoxLogger.LOGGER.debugIgnoredException(ae);
}
{code}
It includes configuration errors, which should absolutely be visible on ERROR log level
or another relevant level.
We need to make sure to use ERROR log if the user-defined module cannot be found for
instance.
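
The logging behaviour this issue asks for, as an added example that is not PicketBox code and not part of the issue: a configuration fault such as a missing user-defined module is logged at the highest level, while an ordinary rejection stays at a low level. Assumptions: java.util.logging (SEVERE standing in for ERROR) replaces PicketBoxLogger, the JDK's LoginException (superclass of the JASPI AuthException) replaces AuthException, and the ModuleCall interface, the cause-chain check and the module class name are hypothetical.

```java
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.login.LoginException;

/** Added illustration of level selection in an isValid-style catch block. */
public class AuthLogLevelDemo {
    private static final Logger LOG = Logger.getLogger("demo.jaspi");

    /** Hypothetical stand-in for invoking the configured auth module. */
    interface ModuleCall { boolean validate() throws LoginException; }

    /** Assumption: a configuration fault surfaces as a class-loading or
     *  reflective failure somewhere in the exception's cause chain. */
    static boolean isConfigurationProblem(Throwable t) {
        for (Throwable c = t; c != null; c = c.getCause()) {
            if (c instanceof ReflectiveOperationException || c instanceof LinkageError) {
                return true;
            }
        }
        return false;
    }

    /** Fails closed in both cases; only the log level differs. */
    static boolean isValid(ModuleCall call) {
        try {
            return call.validate();
        } catch (LoginException ae) {
            if (isConfigurationProblem(ae)) {
                // Operators must see this without enabling debug logging.
                LOG.log(Level.SEVERE, "Authentication module configuration problem", ae);
            } else {
                LOG.log(Level.FINE, "Authentication rejected", ae);
            }
            return false;
        }
    }

    public static void main(String[] args) {
        // Constructed input: the configured module class cannot be loaded.
        ModuleCall missingModule = () -> {
            LoginException e = new LoginException("cannot load auth module");
            e.initCause(new ClassNotFoundException("com.example.MyServerAuthModule"));
            throw e;
        };
        // Constructed input: an ordinary credential failure.
        ModuleCall badPassword = () -> { throw new LoginException("invalid credentials"); };
        System.out.println("missing module valid? " + isValid(missingModule));
        System.out.println("bad password valid?   " + isValid(badPassword));
    }
}
```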