[jboss-jira] [JBoss JIRA] (JBAS-9203) EJBAccessException doesnt contain my LoginException thrown in a custom LoginModule (login-Method)

Darran Lofthouse (JIRA) jira-events at lists.jboss.org
Wed Nov 14 09:00:23 EST 2012 

    [ https://issues.jboss.org/browse/JBAS-9203?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12734126#comment-12734126 ] 

Darran Lofthouse commented on JBAS-9203:
----------------------------------------

At best you may be able to justify a feature request to ask for this to be enabled but providing detailed information to an attacker is not something we will do by default.  Unfortunately active development has also moved on from AS6 to AS7 so this is most likely an AS7 or 8 feature request.
                
> EJBAccessException doesnt contain my LoginException thrown in a custom LoginModule (login-Method)
> -------------------------------------------------------------------------------------------------
>
>                 Key: JBAS-9203
>                 URL: https://issues.jboss.org/browse/JBAS-9203
>             Project: Application Server 3  4  5 and 6
>          Issue Type: Bug
>      Security Level: Public(Everyone can see) 
>          Components: Security
>    Affects Versions: 6.0.0.Final
>            Reporter: Felix Ullrich
>            Assignee: Anil Saldhana
>         Attachments: Ejb3AuthenticationInterceptorv2.java
>
>
> This problem was already mentioned here [http://community.jboss.org/message/114379] and ignored here [https://issues.jboss.org/browse/JBAS-7324].
> A thrown LoginException in a custom LoginModule is not correctly wrapped into the javax.ejb.EJBAccessException on client-side. The cause of EJBAccessException is just not set - its null...
> The RemoteClient-Code looks like this 
> {code:title=RemoteClient.java|borderStyle=solid}
> try {
>   ejb.someMethod();
> } catch (final EJBAccessException e) {
>   e.printStackTrace();
>   throw e.getCause();
> }
> {code}
> and the Stacktrace:
> {code}
> javax.ejb.EJBAccessException: Invalid User
> 	at org.jboss.ejb3.security.Ejb3AuthenticationInterceptorv2.invoke(Ejb3AuthenticationInterceptorv2.java:161)
> 	at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> 	at org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:41)
> 	at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> 	at org.jboss.ejb3.BlockContainerShutdownInterceptor.invoke(BlockContainerShutdownInterceptor.java:67)
> 	at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> 	at org.jboss.ejb3.core.context.CurrentInvocationContextInterceptor.invoke(CurrentInvocationContextInterceptor.java:47)
> 	at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> 	at org.jboss.aspects.currentinvocation.CurrentInvocationInterceptor.invoke(CurrentInvocationInterceptor.java:67)
> 	at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> 	at org.jboss.ejb3.interceptor.EJB3TCCLInterceptor.invoke(EJB3TCCLInterceptor.java:86)
> 	at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> 	at org.jboss.ejb3.stateful.StatefulContainer.dynamicInvoke(StatefulContainer.java:603)
> 	at org.jboss.ejb3.session.InvokableContextClassProxyHack._dynamicInvoke(InvokableContextClassProxyHack.java:53)
> 	at org.jboss.aop.Dispatcher.invoke(Dispatcher.java:91)
> 	at org.jboss.aspects.remoting.AOPRemotingInvocationHandler.invoke(AOPRemotingInvocationHandler.java:82)
> 	at org.jboss.remoting.ServerInvoker.invoke(ServerInvoker.java:898)
> 	at org.jboss.remoting.transport.socket.ServerThread.completeInvocation(ServerThread.java:791)
> 	at org.jboss.remoting.transport.socket.ServerThread.processInvocation(ServerThread.java:744)
> 	at org.jboss.remoting.transport.socket.ServerThread.dorun(ServerThread.java:548)
> 	at org.jboss.remoting.transport.socket.ServerThread.run(ServerThread.java:234)
> 	at org.jboss.remoting.MicroRemoteClientInvoker.invoke(MicroRemoteClientInvoker.java:216)
> 	at org.jboss.remoting.Client.invoke(Client.java:1961)
> 	at org.jboss.remoting.Client.invoke(Client.java:804)
> 	at org.jboss.aspects.remoting.InvokeRemoteInterceptor.invoke(InvokeRemoteInterceptor.java:60)
> 	at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> 	at org.jboss.aspects.tx.ClientTxPropagationInterceptor.invoke(ClientTxPropagationInterceptor.java:61)
> 	at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> 	at org.jboss.ejb3.security.client.SecurityClientInterceptor.invoke(SecurityClientInterceptor.java:65)
> 	at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> 	at org.jboss.ejb3.remoting.IsLocalInterceptor.invoke(IsLocalInterceptor.java:77)
> 	at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> 	at org.jboss.ejb3.async.impl.interceptor.AsynchronousClientInterceptor.invoke(AsynchronousClientInterceptor.java:143)
> 	at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> 	at org.jboss.aspects.remoting.PojiProxy.invoke(PojiProxy.java:62)
> 	at $Proxy8.invoke(Unknown Source)
> 	at org.jboss.ejb3.proxy.impl.handler.session.SessionProxyInvocationHandlerBase.invoke(SessionProxyInvocationHandlerBase.java:185)
> 	at $Proxy7.findAll(Unknown Source)
> 	at RemoteClient.main(RemoteClient.java:22)
> 	at org.jboss.aspects.remoting.InvokeRemoteInterceptor.invoke(InvokeRemoteInterceptor.java:72)
> 	at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> 	at org.jboss.aspects.tx.ClientTxPropagationInterceptor.invoke(ClientTxPropagationInterceptor.java:61)
> 	at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> 	at org.jboss.ejb3.security.client.SecurityClientInterceptor.invoke(SecurityClientInterceptor.java:65)
> 	at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> 	at org.jboss.ejb3.remoting.IsLocalInterceptor.invoke(IsLocalInterceptor.java:77)
> 	at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> 	at org.jboss.ejb3.async.impl.interceptor.AsynchronousClientInterceptor.invoke(AsynchronousClientInterceptor.java:143)
> 	at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> 	at org.jboss.aspects.remoting.PojiProxy.invoke(PojiProxy.java:62)
> 	at $Proxy8.invoke(Unknown Source)
> 	at org.jboss.ejb3.proxy.impl.handler.session.SessionProxyInvocationHandlerBase.invoke(SessionProxyInvocationHandlerBase.java:185)
> 	at $Proxy7.findAll(Unknown Source)
> 	at RemoteClient.main(RemoteClient.java:22)
> Exception in thread "main" java.lang.NullPointerException
> 	at RemoteClient.main(RemoteClient.java:25)
> {code}

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-jira mailing list