[jboss-jira] [JBoss JIRA] (SECURITY-938) JBossSecuritySubjectFactory should check the root cause exception when AuthenticationManager.isValid() returns false
RH Bugzilla Integration (JIRA)
issues at jboss.org
Mon Jun 6 11:20:00 EDT 2016
[ https://issues.jboss.org/browse/SECURITY-938?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13248463#comment-13248463 ]
RH Bugzilla Integration commented on SECURITY-938:
--------------------------------------------------
Brad Maxwell <bmaxwell at redhat.com> changed the Status of [bug 1315441|https://bugzilla.redhat.com/show_bug.cgi?id=1315441] from ASSIGNED to CLOSED
> JBossSecuritySubjectFactory should check the root cause exception when AuthenticationManager.isValid() returns false
> --------------------------------------------------------------------------------------------------------------------
>
> Key: SECURITY-938
> URL: https://issues.jboss.org/browse/SECURITY-938
> Project: PicketBox
> Issue Type: Bug
> Components: PicketBox
> Reporter: Lin Gao
> Assignee: Lin Gao
> Priority: Critical
>
> When some login-modules failed, JBossSecuritySubjectFactory will swallow the root cause of the LoginException, which will hide the message of the root cause.
> The suspicious code is at: [JBossSecuritySubjectFactory.createSubject()|https://github.com/jbossas/redhat-picketbox/blob/eap-7.x/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/JBossSecuritySubjectFactory.java#L83-L84] method,
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
More information about the jboss-jira
mailing list