JBoss Enterprise Application Platform
JBEAP-12279

Elytron/Remoting/EJB - Exception from failed authentication differs depending on previous calls


Details

    • Bug
    • Resolution: Won't Do
    • Major
    • None
    • 7.1.0.ER2
    • EJB, Remoting, Security

    Description

      The exception presented to a client when EJB authentication fails should be the same for the first authentication and for subsequent authentications.

      I have the following scenario:

      EJB Client -> EntryBean (server1) -> WhoAmIBean (server2)

      The client provides correct credentials to server1 and EntryBean re-authenticates to server2.

      When I use wrong credentials for server2 in EntryBean, the call fails with:

      org.jboss.ejb.client.RequestSendFailedException: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed

      When I run the scenario twice and use correct credentials in EntryBean in the first run and wrong ones in the second run, the exception is different:

      org.jboss.ejb.client.RequestSendFailedException: org.wildfly.security.auth.AuthenticationException: JBREM000308: Authentication failed (no mechanisms left)

      From the client's POV the exception should be the same in every call:

      • to allow safer exception handling in client code
      • to avoid disclosing shared connection details
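      The two failures above differ only in the cause wrapped inside RequestSendFailedException (SaslException on a fresh connection, AuthenticationException on a reused one), so a client can still handle them uniformly. The following is an added example, not code from the report or from the EAP project; it assumes the jboss-ejb-client and WildFly Elytron classes named in the stack traces are on the classpath.

```java
import java.util.Collections;
import java.util.IdentityHashMap;
import java.util.Set;
import java.util.function.Supplier;
import javax.security.sasl.SaslException;
import org.jboss.ejb.client.RequestSendFailedException;
import org.wildfly.security.auth.AuthenticationException;

// Added example (not from JBEAP-12279 or the EAP code base): classify a failed
// remote EJB call as an authentication failure independently of whether the
// connection was fresh (SaslException) or reused (AuthenticationException).
public final class EjbAuthFailureClassifier {

    private EjbAuthFailureClassifier() {
    }

    /** True when any cause in the chain is a SASL or Elytron authentication failure. */
    public static boolean isAuthenticationFailure(Throwable t) {
        // Identity set guards against cyclic cause chains.
        Set<Throwable> seen = Collections.newSetFromMap(new IdentityHashMap<>());
        for (Throwable cur = t; cur != null && seen.add(cur); cur = cur.getCause()) {
            if (cur instanceof SaslException || cur instanceof AuthenticationException) {
                return true;
            }
        }
        return false;
    }

    /**
     * Runs a remote EJB call and maps both exception shapes from the report onto one
     * client-side failure, so callers never branch on the connection-dependent cause.
     * The wrapped message stays generic; the original chain is kept only as the cause
     * for logging on the client side, not for display.
     */
    public static <T> T callWithUniformAuthHandling(Supplier<T> remoteCall) {
        try {
            return remoteCall.get();
        } catch (RequestSendFailedException e) {
            if (isAuthenticationFailure(e)) {
                throw new IllegalStateException("Remote EJB authentication failed", e);
            }
            throw e; // not an authentication problem: propagate unchanged
        }
    }
}
```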

People

  Assignee: Unassigned
  Reporter: Josef Cacek (Inactive)
  Martin Svehla