[jboss-jira] [JBoss JIRA] (SECURITY-759) JASPIServerAuthenticationManager.isValid method should log configuration problems at WARN or ERROR level

RH Bugzilla Integration (JIRA) jira-events at lists.jboss.org
Fri Oct 25 15:55:03 EDT 2013


    [ https://issues.jboss.org/browse/SECURITY-759?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12825140#comment-12825140 ] 

RH Bugzilla Integration commented on SECURITY-759:
--------------------------------------------------

Stefan Guilhen <sguilhen at redhat.com> changed the Status of [bug 901074|https://bugzilla.redhat.com/show_bug.cgi?id=901074] from NEW to MODIFIED
                
> JASPIServerAuthenticationManager.isValid method should log configuration problems at WARN or ERROR level
> --------------------------------------------------------------------------------------------------------
>
>                 Key: SECURITY-759
>                 URL: https://issues.jboss.org/browse/SECURITY-759
>             Project: PicketBox 
>          Issue Type: Enhancement
>      Security Level: Public(Everyone can see) 
>          Components: JBossSX
>    Affects Versions: PicketBox_4_0_20.Beta1
>            Reporter: Stefan Guilhen
>            Assignee: Stefan Guilhen
>             Fix For: 2.0.3.Beta2
>
>
> As reported by Josef Cacek:
> All fatal exceptions are swallowed in JASPIServerAuthenticationManager.isValid() method.
> {code}
> // PicketBox 4.0.9 used in EAP 6.0.0 - TRACE level
>       catch(AuthException ae)
>       {
>          if(trace)
>             log.trace("AuthException:",ae);
>       }
> // PicketBox 4.0.14 - DEBUG level
>       catch(AuthException ae)
>       {
>           PicketBoxLogger.LOGGER.debugIgnoredException(ae);
>       }
> {code}
> It includes configuration errors, which should absolutely be visible on ERROR log level or another relevant level.
> We need to make sure to use ERROR log if the user-defined module cannot be found for instance.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
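
An added example, not PicketBox code and not part of the original message: one way to keep failing closed on AuthException while raising configuration faults to ERROR level. The AuthException stand-in, the isConfigurationProblem heuristic and the sample module name are assumptions; java.util.logging's SEVERE and FINE stand in for ERROR and DEBUG.

```java
import java.util.*;
import java.util.logging.*;

public class AuthLogLevelDemo {
    // Stand-in for javax.security.auth.message.AuthException so this compiles on a bare JDK.
    static class AuthException extends Exception {
        AuthException(String msg, Throwable cause) { super(msg, cause); }
    }

    static final Logger LOG = Logger.getLogger("demo.jaspi");

    // Assumption: a configuration fault surfaces as a class-loading or
    // instantiation failure somewhere in the cause chain.
    static boolean isConfigurationProblem(Throwable t) {
        for (Throwable c = t; c != null; c = c.getCause()) {
            if (c instanceof ClassNotFoundException || c instanceof NoClassDefFoundError
                    || c instanceof InstantiationException || c instanceof IllegalAccessException) {
                return true;
            }
        }
        return false;
    }

    interface Validation { boolean run() throws AuthException; }

    // Authentication still fails closed; only the log level depends on the cause.
    static boolean isValid(Validation v) {
        try {
            return v.run();
        } catch (AuthException ae) {
            Level level = isConfigurationProblem(ae) ? Level.SEVERE : Level.FINE;
            LOG.log(level, "JASPI validation failed: " + ae.getMessage(), ae);
            return false;
        }
    }

    public static void main(String[] args) {
        List<LogRecord> seen = new ArrayList<>();
        LOG.setUseParentHandlers(false);
        LOG.setLevel(Level.ALL);
        LOG.addHandler(new Handler() {
            @Override public void publish(LogRecord r) { seen.add(r); }
            @Override public void flush() {}
            @Override public void close() {}
        });
        // Constructed inputs: a missing user-defined module, then an ordinary rejected credential.
        isValid(() -> { throw new AuthException("cannot load module",
                new ClassNotFoundException("com.example.MissingAuthModule")); });
        isValid(() -> { throw new AuthException("bad credentials", null); });
        for (LogRecord r : seen) System.out.println(r.getLevel() + " " + r.getMessage());
    }
}
```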

