Support for jaas CredentialExpiredException and AccountExpiredException ----------------------------------------------------------------------- Key: JBAS-47 URL: http://jira.jboss.com/jira/browse/JBAS-47 Project: JBoss Application Server Issue Type: Feature Request Security Level: Public(Everyone can see) Components: Security, EJB2 Affects Versions: JBossAS-4.0.0 Final, JBossAS-3.2.6 Final, JBossAS-3.2.5 Final Environment: All Reporter: Sergio Berna Assigned To: Scott M Stark Fix For: JBossAS-4.0.1 Final, JBossAS-3.2.7 Final Original Estimate: 1 day Remaining Estimate: 1 day When using a standalone EJB client and JAAS ClientLoginModule correctly authenticates user. But in case a CredentialsExpiredException or AccountExpiredException happens the exception that the standalone client receives is just SecurityException with no other information provided and no way to retrieve the exact cause from the client side. Inside the server it is possible to use org.jboss.security.SecurityAssociation and its corresponding key org.jboss.security.exception but this is not propagated to the client through the ClientLoginModule making it absolutely impossible for the client application, for example, to start a Credential change. I need a way to notify a standalone client of the corresponding javax.security.auth.login.LoginException that happens inside the JAAS LoginModule. In JDK 1.4 it would be possible to use the public Throwable initCause(Throwable cause) from SecurityException, but not in 1.3 or 1.2.