[jboss-jira] [JBoss JIRA] (SECURITY-938) JBossSecuritySubjectFactory should check the root cause exception when AuthenticationManager.isValid() returns false
Lin Gao (JIRA)
issues at jboss.org
Sun Apr 17 10:16:00 EDT 2016
[ https://issues.jboss.org/browse/SECURITY-938?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Lin Gao updated SECURITY-938:
-----------------------------
Git Pull Request: https://github.com/jbossas/redhat-picketbox/pull/13, https://github.com/jbossas/redhat-picketbox/pull/16 (was: https://github.com/jbossas/redhat-picketbox/pull/13, https://github.com/jbossas/redhat-picketbox/pull/15)
> JBossSecuritySubjectFactory should check the root cause exception when AuthenticationManager.isValid() returns false
> --------------------------------------------------------------------------------------------------------------------
>
> Key: SECURITY-938
> URL: https://issues.jboss.org/browse/SECURITY-938
> Project: PicketBox
> Issue Type: Bug
> Components: PicketBox
> Reporter: Lin Gao
> Assignee: Lin Gao
>
> When some login-modules failed, JBossSecuritySubjectFactory will swallow the root cause of the LoginException, which will hide the message of the root cause.
> The suspicious code is at: [JBossSecuritySubjectFactory.createSubject()|https://github.com/jbossas/redhat-picketbox/blob/eap-7.x/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/JBossSecuritySubjectFactory.java#L83-L84] method,
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
More information about the jboss-jira
mailing list