[jboss-jira] [JBoss JIRA] (SECURITY-938) JBossSecuritySubjectFactory should check the root cause exception when AuthenticationManager.isValid() returns false

Lin Gao (JIRA) issues at jboss.org
Mon Mar 14 10:46:00 EDT 2016 

Lin Gao created SECURITY-938:
--------------------------------

             Summary: JBossSecuritySubjectFactory should check the root cause exception when AuthenticationManager.isValid() returns false
                 Key: SECURITY-938
                 URL: https://issues.jboss.org/browse/SECURITY-938
             Project: PicketBox 
          Issue Type: Bug
          Components: PicketBox
            Reporter: Lin Gao
            Assignee: Stefan Guilhen
            Priority: Minor


When some login-modules failed, JBossSecuritySubjectFactory will swallow the root cause of the LoginException, which will hide the message of the root cause.

The suspicious  code is at: [JBossSecuritySubjectFactory.createSubject()|https://github.com/jbossas/redhat-picketbox/blob/eap-7.x/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/JBossSecuritySubjectFactory.java#L83-L84] method, 



--
This message was sent by Atlassian JIRA
(v6.4.11#64026)

More information about the jboss-jira mailing list