[
https://issues.jboss.org/browse/SECURITY-573?page=com.atlassian.jira.plug...
]
Darran Lofthouse updated SECURITY-573:
--------------------------------------
Fix Version/s: Negotiation_2_1_3
(was: Negotiation_2_1_2)
Improve handling of IOException thrown from NegotiationAuthenticator
--------------------------------------------------------------------
Key: SECURITY-573
URL:
https://issues.jboss.org/browse/SECURITY-573
Project: PicketBox
Issue Type: Bug
Security Level: Public(Everyone can see)
Components: Negotiation
Affects Versions: Negotiation_2.0.3.GA
Environment: JBoss EPP 5.1.GA with SPNEGO support, JBoss Negotiation 2.0.3,
commons-http-client 3.1 used as HTTP client
Reporter: Marek Posolda
Assignee: Darran Lofthouse
Fix For: Negotiation_2_1_3
Currently if IOException is thrown from NegotiationAuthenticator (For example from line
123 from statement: NegotiationMessage requestMessage = mf.createMessage(authTokenIS); )
then this exception is never logged but it's catched and ignored in
CoyoteAdapter.service. Result is that client receives response code 200 OK and emtpy HTTP
response. And there is nothing in server log, which can be used to recognize error. So I
need to debug if I want to find the real cause of IO issue.
Example for simulating of this issue can be using of Kerberos OID instead of SPNEGO OID
as described in Jira SECURITY-572
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see:
http://www.atlassian.com/software/jira