[jboss-jira] [JBoss JIRA] (SECURITY-801) Modify authentication logic so that exceptions that occur in the role mapping providers do not cause authentication failures
Derek Horton (JIRA)
issues at jboss.org
Thu Feb 20 12:55:47 EST 2014
[ https://issues.jboss.org/browse/SECURITY-801?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Derek Horton updated SECURITY-801:
----------------------------------
Description:
This is an extension of SECURITY-797.
Currently, if the role mapping providers throw an exception then the authentication request fails. It seems like the exception should be logged, but failures in role mapping should not cause the authentication request to fail.
<quote from SECURITY-797>
One thing we could do is log exceptions thrown by mapping managers at WARN or ERROR level and let the invocation go through. Authentication will succeed and if authorization fails an admin can check the logs to find out why mapping has failed.
</quote from SECURITY-797>
was:This is an extension of SECURITY-797.
> Modify authentication logic so that exceptions that occur in the role mapping providers do not cause authentication failures
> ----------------------------------------------------------------------------------------------------------------------------
>
> Key: SECURITY-801
> URL: https://issues.jboss.org/browse/SECURITY-801
> Project: PicketBox
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: JBossSX
> Affects Versions: PicketBox_4_0_20.Final
> Reporter: Derek Horton
> Assignee: Stefan Guilhen
>
> This is an extension of SECURITY-797.
> Currently, if the role mapping providers throw an exception then the authentication request fails. It seems like the exception should be logged, but failures in role mapping should not cause the authentication request to fail.
> <quote from SECURITY-797>
> One thing we could do is log exceptions thrown by mapping managers at WARN or ERROR level and let the invocation go through. Authentication will succeed and if authorization fails an admin can check the logs to find out why mapping has failed.
> </quote from SECURITY-797>
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
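
The behaviour requested in this issue, sketched as an added example (not part of the original message and not PicketBox code): each role mapper runs against a copy of the role set, an exception is logged at WARNING, and authentication continues with the roles committed so far. The RoleMapper interface, class name and sample principal are hypothetical; discarding a failed mapper's partial changes is an assumption of this sketch, so a half-applied mapping cannot grant roles.

```java
import java.util.List;
import java.util.Set;
import java.util.TreeSet;
import java.util.logging.Level;
import java.util.logging.Logger;

public class TolerantRoleMapping {
    private static final Logger LOG = Logger.getLogger(TolerantRoleMapping.class.getName());

    /** Hypothetical stand-in for a role mapping provider; not the PicketBox interface. */
    interface RoleMapper {
        void map(String principal, Set<String> roles) throws Exception;
    }

    /** Runs every mapper; a mapper that throws is logged and its partial changes are dropped. */
    static Set<String> mapRoles(String principal, Set<String> authenticatedRoles,
                                List<RoleMapper> mappers) {
        Set<String> roles = new TreeSet<>(authenticatedRoles);
        for (RoleMapper mapper : mappers) {
            Set<String> working = new TreeSet<>(roles); // the mapper edits a copy
            try {
                mapper.map(principal, working);
                roles = working; // commit only after the mapper completes normally
            } catch (Exception e) {
                // Do not fail the authentication request; leave a trail for the admin
                // who later investigates an authorization failure.
                LOG.log(Level.WARNING, "Role mapping failed for principal " + principal
                        + "; continuing with roles mapped so far", e);
            }
        }
        return roles;
    }

    public static void main(String[] args) {
        // Constructed sample: the first mapper half-applies a change and then fails,
        // the second mapper completes normally.
        RoleMapper broken = (p, r) -> {
            r.add("admin");
            throw new IllegalStateException("directory unreachable");
        };
        RoleMapper rename = (p, r) -> {
            if (r.remove("staff")) r.add("employee");
        };
        Set<String> result = mapRoles("jdoe", Set.of("staff"), List.of(broken, rename));
        // The uncommitted "admin" role from the failed mapper is not in the result.
        System.out.println("Roles after mapping: " + result);
    }
}
```

If a mapper is relied on to remove roles, skipping it on failure leaves those roles in place, which is worth weighing before choosing to let authentication proceed.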