[jboss-jira] [JBoss JIRA] (ELY-1423) Elytron/Remoting/EJB - Exception from failed authentication differs depending on previous calls

Jan Kalina (JIRA) issues at jboss.org
Tue Jan 23 14:02:00 EST 2018


     [ https://issues.jboss.org/browse/ELY-1423?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jan Kalina closed ELY-1423.
---------------------------
    Resolution: Rejected


No change in Elytron needed.

> Elytron/Remoting/EJB - Exception from failed authentication differs depending on previous calls
> -----------------------------------------------------------------------------------------------
>
>                 Key: ELY-1423
>                 URL: https://issues.jboss.org/browse/ELY-1423
>             Project: WildFly Elytron
>          Issue Type: Bug
>          Components: Authentication Client
>    Affects Versions: 1.2.0.Beta8
>            Reporter: Jan Kalina
>            Assignee: Jan Kalina
>            Priority: Critical
>
> Exception presented to a client when EJB authentication fails should be the same for first authentication and subsequent authentications.
> I have the following scenario:
> {noformat}
> EJB Client -> EntryBean (server1) -> WhoAmIBean (server2)
> {noformat}
> The Client provides correct credentials to server 1 and EntryBean reauthenticates to server2.
> When I use wrong credentials for server2 in EntryBean, the call fails with:
> {noformat}
> org.jboss.ejb.client.RequestSendFailedException: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed
> {noformat}
> When I run the scenario twice and use correct credentials in EntryBean first and wrong ones in the second run, then the Exception is different:
> {noformat}
> org.jboss.ejb.client.RequestSendFailedException: org.wildfly.security.auth.AuthenticationException: JBREM000308: Authentication failed (no mechanisms left)
> {noformat}
> From a client POV the exception should be the same in every call:
> * to allow safer exception handling in client code
> * to avoid disclosure of shared connection details


