[jboss-jira] [JBoss JIRA] (SECURITY-573) Improve handling of IOException thrown from NegotiationAuthenticator
Darran Lofthouse (JIRA)
issues at jboss.org
Tue Aug 21 08:09:07 EDT 2018
[ https://issues.jboss.org/browse/SECURITY-573?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Darran Lofthouse reassigned SECURITY-573:
-----------------------------------------
Assignee: (was: Darran Lofthouse)
> Improve handling of IOException thrown from NegotiationAuthenticator
> --------------------------------------------------------------------
>
> Key: SECURITY-573
> URL: https://issues.jboss.org/browse/SECURITY-573
> Project: PicketBox
> Issue Type: Bug
> Components: Negotiation
> Affects Versions: Negotiation_2.0.3.GA
> Environment: JBoss EPP 5.1.GA with SPNEGO support, JBoss Negotiation 2.0.3, commons-http-client 3.1 used as HTTP client
> Reporter: Marek Posolda
>
> Currently if IOException is thrown from NegotiationAuthenticator (For example from line 123 from statement: NegotiationMessage requestMessage = mf.createMessage(authTokenIS); )
> then this exception is never logged but it's catched and ignored in CoyoteAdapter.service. Result is that client receives response code 200 OK and emtpy HTTP response. And there is nothing in server log, which can be used to recognize error. So I need to debug if I want to find the real cause of IO issue.
> Example for simulating of this issue can be using of Kerberos OID instead of SPNEGO OID as described in Jira SECURITY-572
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
More information about the jboss-jira
mailing list