JBossSecuritySubjectFactory should check the root cause exception when AuthenticationManager.isValid() returns false -------------------------------------------------------------------------------------------------------------------- Key: SECURITY-938 URL: https://issues.jboss.org/browse/SECURITY-938 Project: PicketBox Issue Type: Bug Components: PicketBox Reporter: Lin Gao Assignee: Lin Gao Priority: Critical When some login-modules failed, JBossSecuritySubjectFactory will swallow the root cause of the LoginException, which will hide the message of the root cause. The suspicious code is at: [JBossSecuritySubjectFactory.createSubject()|https://github.com/jbossas/re...] method,