Exception presented to a client when EJB authentication fails should be the same for first authentication and subsequent authentications.
I have the following scenario:
EJB Client -> EntryBean (server1) -> WhoAmIBean (server2)
The client provides correct credentials to server1, and EntryBean reauthenticates to server2.
When I use wrong credentials for server2 in EntryBean, the call fails with:
org.jboss.ejb.client.RequestSendFailedException: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed
When I run the scenario twice and use correct credentials in EntryBean in the first run and wrong ones in the second run, then the exception is different:
org.jboss.ejb.client.RequestSendFailedException: org.wildfly.security.auth.AuthenticationException: JBREM000308: Authentication failed (no mechanisms left)
From a client POV the exception should be the same in every call:
- to allow safer exception handling in client code
- to avoid disclosure of shared connection details
Issue links (is cloned by):
- EJBCLIENT-281 Elytron/Remoting/EJB - Exception from failed authentication differs depending on previous calls (Closed)
- ELY-1423 Elytron/Remoting/EJB - Exception from failed authentication differs depending on previous calls (Closed)
- REM3-313 Elytron/Remoting/EJB - Exception from failed authentication differs depending on previous calls (Closed)
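One way client code can treat both reported exceptions as the same authentication failure, as an added example that is not part of the original report or of the projects' own code. The class `AuthFailureClassifier`, its methods and the message strings are hypothetical; the Elytron exception is matched by the class name shown in the report so the sketch compiles with the JDK alone, and the sample cause chains are constructed stand-ins for `RequestSendFailedException`.

```java
import java.io.IOException;
import javax.security.sasl.SaslException;

public class AuthFailureClassifier {
    // Class name copied from the second exception in the report; matched by
    // name so no Elytron dependency is needed to compile this sketch.
    private static final String ELYTRON_AUTH_EX =
            "org.wildfly.security.auth.AuthenticationException";

    /** True if any cause in the chain is one of the two reported authentication failures. */
    static boolean isAuthenticationFailure(Throwable t) {
        int depth = 0;
        // Depth bound guards against a cyclic cause chain.
        for (Throwable c = t; c != null && depth < 32; c = c.getCause(), depth++) {
            if (c instanceof SaslException) {
                return true; // first-authentication variant
            }
            for (Class<?> k = c.getClass(); k != null; k = k.getSuperclass()) {
                if (k.getName().equals(ELYTRON_AUTH_EX)) {
                    return true; // variant seen after an earlier successful call
                }
            }
        }
        return false;
    }

    /** One message for both variants, so callers and logs do not reveal connection state. */
    static String clientFacingMessage(Throwable t) {
        return isAuthenticationFailure(t)
                ? "Authentication to remote EJB failed"
                : "Remote EJB call failed";
    }

    public static void main(String[] args) {
        // Constructed cause chains; RuntimeException stands in for the outer wrapper.
        Throwable authFailure = new RuntimeException(new SaslException(
                "Authentication failed: all available authentication mechanisms failed"));
        Throwable otherFailure = new RuntimeException(new IOException("connection reset"));
        System.out.println(clientFacingMessage(authFailure));
        System.out.println(clientFacingMessage(otherFailure));
    }
}
```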