[JBoss JIRA] Created: (AS7-993) Remove noise from start/stop console log
by Max Rydahl Andersen (JIRA)
Remove noise from start/stop console log
----------------------------------------
Key: AS7-993
URL: https://issues.jboss.org/browse/AS7-993
Project: Application Server 7
Issue Type: Bug
Reporter: Max Rydahl Andersen
Latest trunk still prints the following on Ctrl+C/Stop:
16:05:20,700 INFO [org.jboss.as.osgi] (MSC service thread 1-3) Stopping OSGi Framework
16:05:20,738 INFO [org.jboss.as.logging] Restored bootstrap log handlers
16:05:20,768 INFO [com.arjuna.ats.jbossatx] ARJUNA32018: Destroying TransactionManagerService
16:05:20,769 INFO [com.arjuna.ats.jbossatx] ARJUNA32014: Stopping transaction recovery manager
16:05:20,802 INFO [org.hornetq.core.server.impl.HornetQServerImpl] HornetQ Server version 2.2.2.Final (super-hornetq-fighter, 122) [0462442a-936a-11e0-ac45-001c42000009] stopped
16:05:20,805 INFO [org.jboss.as] JBoss AS 7.0.0.Beta4-SNAPSHOT "(TBD)" stopped in 102ms
Besides the last one, why do we need to info log stopping of osgi, log handlers, arjuna and recovery managers and hornetq?
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[JBoss JIRA] (SECURITY-642) UsernamePasswordLM causes NPE in SecurityVaultUtil when user provides wrong username
by Stefan Guilhen (JIRA)
Stefan Guilhen created SECURITY-642:
---------------------------------------
Summary: UsernamePasswordLM causes NPE in SecurityVaultUtil when user provides wrong username
Key: SECURITY-642
URL: https://issues.jboss.org/browse/SECURITY-642
Project: PicketBox (JBoss Security and Identity Management)
Issue Type: Bug
Security Level: Public (Everyone can see)
Affects Versions: PicketBox_v4_0_6.Beta2
Reporter: Stefan Guilhen
Assignee: Anil Saldhana
Fix For: PicketBox_v4_0_6
Application is protected by a security domain that uses the UsersRolesLoginModule. If the user attempts a login with the right username and wrong pw, the login fails and the message in the AS7 logs displays the correct reason for auth failure. However, if the user supplies a username that has not been added to the users.properties file, the login fails and the AS7 logs display an NPE instead of the correct reason message:
15:33:37,622 ERROR [org.jboss.security.authentication.JBossCachedAuthenticationManager] (http--127.0.0.1-8080-1) Login failure: javax.security.auth.login.LoginException: java.lang.NullPointerException
    at org.jboss.security.vault.SecurityVaultUtil.isVaultFormat(SecurityVaultUtil.java:59)
    at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:250)
    at org.jboss.security.auth.spi.UsersRolesLoginModule.login(UsersRolesLoginModule.java:155)
The relevant code in UsernamePasswordLoginModule is this:
    String expectedPassword = getUsersPassword();
    //Check if the password is vaultified
    if(SecurityVaultUtil.isVaultFormat(expectedPassword))
    {
       try
       {
          expectedPassword = SecurityVaultUtil.getValueAsString(expectedPassword);
       }
       catch (SecurityVaultException e)
       {
          LoginException le = new LoginException(ErrorCodes.PROCESSING_FAILED + "Unable to get the password value from vault");
          le.initCause(e);
          throw le;
       }
    }
The problem occurs because getUsersPassword() returns null since the properties file doesn't have a property that matches the supplied username. We need to verify if the expectedPassword is null before calling the vault util or change the vault util method to check for a null param.
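The two remedies named in SECURITY-642 (a null check before the vault call, or a null-tolerant vault utility), shown together as an added example that is not PicketBox source. The class, the `VAULT::` marker constant, the `resolveFromVault` stub and the sample user entry are stand-ins assumed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Properties;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;

public class NullSafeLoginExample {
    // Assumption: stored values that point into the vault carry this prefix.
    static final String VAULT_PREFIX = "VAULT::";

    // Remedy 2: the utility itself tolerates a null argument.
    static boolean isVaultFormat(String value) {
        return value != null && value.startsWith(VAULT_PREFIX);
    }

    // Hypothetical stand-in for the vault lookup; always fails in this sketch.
    static String resolveFromVault(String ref) throws LoginException {
        throw new LoginException("Unable to get the password value from vault");
    }

    // Remedy 1: treat a missing users.properties entry as a failed login
    // before any vault handling, so no NullPointerException reaches the log.
    static void login(Properties users, String username, String supplied) throws LoginException {
        String expected = users.getProperty(username); // null for an unknown user
        if (expected == null) {
            throw new FailedLoginException("Login failed"); // same outcome as a wrong password
        }
        if (isVaultFormat(expected)) {
            expected = resolveFromVault(expected);
        }
        byte[] a = expected.getBytes(StandardCharsets.UTF_8);
        byte[] b = supplied.getBytes(StandardCharsets.UTF_8);
        if (!MessageDigest.isEqual(a, b)) {
            throw new FailedLoginException("Login failed");
        }
    }

    public static void main(String[] args) {
        Properties users = new Properties();
        users.setProperty("alice", "s3cret"); // constructed sample entry
        String[][] attempts = { {"alice", "s3cret"}, {"alice", "wrong"}, {"unknown", "x"} };
        for (String[] at : attempts) {
            try {
                login(users, at[0], at[1]);
                System.out.println(at[0] + ": authenticated");
            } catch (LoginException e) {
                System.out.println(at[0] + ": " + e.getClass().getSimpleName() + ": " + e.getMessage());
            }
        }
    }
}
```

Unknown usernames and wrong passwords take the same `FailedLoginException` path here, so the caller sees one failure mode for both.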