[jboss-jira] [JBoss JIRA] Commented: (JBAS-5802) BaseConnectionManager2 does not propagate or log authentication exception cause

Carsten Mjartan (JIRA) jira-events at lists.jboss.org
Tue Jul 29 02:37:53 EDT 2008 

    [ https://jira.jboss.org/jira/browse/JBAS-5802?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12422835#action_12422835 ] 

Carsten Mjartan commented on JBAS-5802:
---------------------------------------

You are right, the end user should not see the exception, it should just be logged out without need to tweak logging (configuration errors are ERRORs in my opinion).

> BaseConnectionManager2 does not propagate or log authentication exception cause
> -------------------------------------------------------------------------------
>
>                 Key: JBAS-5802
>                 URL: https://jira.jboss.org/jira/browse/JBAS-5802
>             Project: JBoss Application Server
>          Issue Type: Bug
>      Security Level: Public(Everyone can see) 
>          Components: JCA service, Security
>    Affects Versions: JBossAS-4.2.2.GA
>         Environment: JBoss AS 4.3.0 / 4.2.2, DB2 XA-Connection errors
>            Reporter: Carsten Mjartan
>
> In org.jboss.resource.connectionmanager.BaseConnectionManager2.getSubject(), the following code handles authentication errors while obtaining a new database connection from the pool:
>         ...
>          if (securityDomain.isValid(principal, credential, subject) == false)
>             throw new SecurityException("Invalid authentication attempt, principal=" + principal);
>         ...
> If there are errors during authentication, they are not logged or rethrown like it's done in AuthenticationInterceptor:
>         ...
>         if (authenticationManager.isValid(principal, credential, subject) == false)
>          {
>             // Check for the security association exception
>             Exception ex = SecurityActions.getContextException();
>             if (ex != null)
>                throw ex;
>         ...
> In our case, we had a bug in our login-config for the security domain being used for the database connections. The real exception came from the LoginModule's initialize method, but the only message we got is a SecurityException with 'Invalid authentication attempt'. 

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-jira mailing list