[jboss-jira] [JBoss JIRA] (SECURITY-859) Authentication failure due to a login module misconfiguration is not reported if principal is null
Ivo Studensky (JIRA)
issues at jboss.org
Thu Sep 11 07:17:19 EDT 2014
Ivo Studensky created SECURITY-859:
--------------------------------------
Summary: Authentication failure due to a login module misconfiguration is not reported if principal is null
Key: SECURITY-859
URL: https://issues.jboss.org/browse/SECURITY-859
Project: PicketBox
Issue Type: Bug
Components: PicketBox
Affects Versions: PicketBox_4_0_19.SP5, PicketBox_4_0_21.Beta2
Reporter: Ivo Studensky
Assignee: Peter Skopek
Any misconfiguration of a login module leading to authentication failure used to be reported at trace level for anonymous user (principal == null) until SECURITY-660. Right now it is reported at debug level, but only if principal != null.
I am going to propose a fix to report the cause of such a failure at debug level despite the principal value. So that customers can see for example "javax.security.auth.login.LoginException: unable to find LoginModule class: ..." in their logs instead of "PBOX000016: Access denied" only.
--
This message was sent by Atlassian JIRA
(v6.3.1#6329)
More information about the jboss-jira
mailing list