[
https://issues.jboss.org/browse/ELY-1423?page=com.atlassian.jira.plugin.s...
]
Jan Kalina moved JBEAP-13564 to ELY-1423:
-----------------------------------------
Project: WildFly Elytron (was: JBoss Enterprise Application Platform)
Key: ELY-1423 (was: JBEAP-13564)
Workflow: GIT Pull Request workflow (was: CDW with loose statuses v1)
Component/s: Authentication Client
(was: EJB)
(was: Remoting)
(was: Security)
Affects Version/s: 1.2.0.Beta8
(was: 7.1.0.ER2)
Elytron/Remoting/EJB - Exception from failed authentication differs
depending on previous calls
-----------------------------------------------------------------------------------------------
Key: ELY-1423
URL:
https://issues.jboss.org/browse/ELY-1423
Project: WildFly Elytron
Issue Type: Bug
Components: Authentication Client
Affects Versions: 1.2.0.Beta8
Reporter: Jan Kalina
Assignee: Jan Kalina
Priority: Critical
Exception presented to a client when EJB authentication fails should be the same for
first authentication and subsequent authentications.
I have following scenario:
{noformat}
EJB Client -> EntryBean (server1) -> WhoAmIBean (server2)
{noformat}
the Client provides correct credentials to server 1 and EntryBean makes reauthentication
to server2.
When I use wrong credentials for server2 in EntryBean, the call fails with:
{noformat}
org.jboss.ejb.client.RequestSendFailedException: javax.security.sasl.SaslException:
Authentication failed: all available authentication mechanisms failed
{noformat}
When I run the scenario twice and use a correct credentials in EntryBean first and wrong
in the second run, then the Exception is different:
{noformat}
org.jboss.ejb.client.RequestSendFailedException:
org.wildfly.security.auth.AuthenticationException: JBREM000308: Authentication failed (no
mechanisms left)
{noformat}
From a client POV the exception should be the same in every call:
* to allow safer exception handling in client code
* to avoid disclosure shared connection details
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)