[jboss-jira] [JBoss JIRA] (SECURITY-938) JBossSecuritySubjectFactory should check the root cause exception when AuthenticationManager.isValid() returns false
Lin Gao (JIRA)
issues at jboss.org
Wed Mar 16 02:54:00 EDT 2016
[ https://issues.jboss.org/browse/SECURITY-938?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13177492#comment-13177492 ]
Lin Gao commented on SECURITY-938:
----------------------------------
PR is sent at: https://github.com/jbossas/redhat-picketbox/pull/13, how do we set the status before the PR is merged or rejected?
> JBossSecuritySubjectFactory should check the root cause exception when AuthenticationManager.isValid() returns false
> --------------------------------------------------------------------------------------------------------------------
>
> Key: SECURITY-938
> URL: https://issues.jboss.org/browse/SECURITY-938
> Project: PicketBox
> Issue Type: Bug
> Components: PicketBox
> Reporter: Lin Gao
> Assignee: Lin Gao
> Priority: Minor
>
> When some login-modules failed, JBossSecuritySubjectFactory will swallow the root cause of the LoginException, which will hide the message of the root cause.
> The suspicious code is at: [JBossSecuritySubjectFactory.createSubject()|https://github.com/jbossas/redhat-picketbox/blob/eap-7.x/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/JBossSecuritySubjectFactory.java#L83-L84] method,
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
More information about the jboss-jira
mailing list