[jboss-jira] [JBoss JIRA] (SECURITY-759) JASPIServerAuthenticationManager.isValid method should log configuration problems at WARN or ERROR level
Stefan Guilhen (JIRA)
jira-events at lists.jboss.org
Tue Oct 22 21:06:01 EDT 2013
Stefan Guilhen created SECURITY-759:
---------------------------------------
Summary: JASPIServerAuthenticationManager.isValid method should log configuration problems at WARN or ERROR level
Key: SECURITY-759
URL: https://issues.jboss.org/browse/SECURITY-759
Project: PicketBox
Issue Type: Enhancement
Security Level: Public (Everyone can see)
Components: JBossSX
Affects Versions: PicketBox_4_0_20.Beta1
Reporter: Stefan Guilhen
Assignee: Stefan Guilhen
Fix For: 2.0.3.Beta2
As reported by Josef Cacek:
All fatal exceptions are swallowed in the JASPIServerAuthenticationManager.isValid() method.
{code}
// PicketBox 4.0.9 used in EAP 6.0.0 - TRACE level
catch(AuthException ae)
{
   if(trace)
      log.trace("AuthException:",ae);
}

// PicketBox 4.0.14 - DEBUG level
catch(AuthException ae)
{
   PicketBoxLogger.LOGGER.debugIgnoredException(ae);
}
{code}
This includes configuration errors, which should absolutely be visible at the ERROR log level or another relevant level.
We need to make sure to use the ERROR log level if, for instance, the user-defined module cannot be found.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
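
An added example, not part of the original message and not PicketBox code: one way a catch block like the ones quoted above could separate configuration failures from ordinary rejections, using java.util.logging (where SEVERE plays the role of ERROR). The class name, the RequestValidator interface, the local AuthException stand-in and the cause-chain heuristic are assumptions made for illustration.

```java
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.login.LoginException;

public class IsValidLogging {
    private static final Logger LOG = Logger.getLogger("jaspi.example");

    // Stand-in for javax.security.auth.message.AuthException so this compiles on a bare JDK.
    static class AuthException extends LoginException {
        AuthException(String msg, Throwable cause) {
            super(msg);
            if (cause != null) initCause(cause);
        }
    }

    // Hypothetical stand-in for the module invocation performed inside isValid().
    interface RequestValidator { boolean validate() throws AuthException; }

    // Assumption: a missing user-defined module shows up as a class-loading
    // failure somewhere in the cause chain. The depth bound guards against cycles.
    static boolean isConfigurationProblem(Throwable t) {
        for (int depth = 0; t != null && depth < 16; t = t.getCause(), depth++) {
            if (t instanceof ClassNotFoundException || t instanceof NoClassDefFoundError) return true;
        }
        return false;
    }

    static boolean isValid(RequestValidator v) {
        try {
            return v.validate();
        } catch (AuthException ae) {
            if (isConfigurationProblem(ae)) {
                // Visible at default log levels: an operator has to fix this.
                LOG.log(Level.SEVERE, "JASPI configuration problem, authentication cannot succeed", ae);
            } else {
                // Ordinary rejection: keep it at a debug-equivalent level.
                LOG.log(Level.FINE, "Authentication rejected", ae);
            }
            return false; // this example rejects the request in both cases
        }
    }

    public static void main(String[] args) {
        // Constructed inputs: one misconfiguration, one ordinary rejection.
        boolean misconfigured = isValid(() -> { throw new AuthException("module load failed",
                new ClassNotFoundException("com.example.MissingAuthModule")); });
        boolean rejected = isValid(() -> { throw new AuthException("bad credentials", null); });
        System.out.println(misconfigured + " " + rejected); // only the first call logs at SEVERE
    }
}
```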