[jboss-jira] [JBoss JIRA] (SECURITY-938) JBossSecuritySubjectFactory should check the root cause exception when AuthenticationManager.isValid() returns false
Lin Gao (JIRA)
issues at jboss.org
Wed May 25 05:02:00 EDT 2016
[ https://issues.jboss.org/browse/SECURITY-938?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13242318#comment-13242318 ]
Lin Gao commented on SECURITY-938:
----------------------------------
Increase priority to Critical, because it blocks another Critical Issue: https://issues.jboss.org/browse/WFLY-6372
> JBossSecuritySubjectFactory should check the root cause exception when AuthenticationManager.isValid() returns false
> --------------------------------------------------------------------------------------------------------------------
>
> Key: SECURITY-938
> URL: https://issues.jboss.org/browse/SECURITY-938
> Project: PicketBox
> Issue Type: Bug
> Components: PicketBox
> Reporter: Lin Gao
> Assignee: Lin Gao
> Priority: Critical
>
> When some login-modules failed, JBossSecuritySubjectFactory will swallow the root cause of the LoginException, which will hide the message of the root cause.
> The suspicious code is at: [JBossSecuritySubjectFactory.createSubject()|https://github.com/jbossas/redhat-picketbox/blob/eap-7.x/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/JBossSecuritySubjectFactory.java#L83-L84] method,
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
More information about the jboss-jira
mailing list