Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-5345

(7.1.0) Flagging of invalid login credential for datasource is inconsistent - JBossSecuritySubjectFactory should check the root cause exception

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Major
    • 7.1.0.DR3
    • None
    • Security
    • None

    Description

      When some login-modules failed, JBossSecuritySubjectFactory will swallow the root cause of the LoginException, which will hide the message of the root cause.

      The suspicious code is at: JBossSecuritySubjectFactory.createSubject() method,

      Attachments

        Issue Links

          clones

          Bug - A problem that impairs or prevents the functions of the product. SECURITY-938 JBossSecuritySubjectFactory should check the root cause exception when AuthenticationManager.isValid() returns false

          • Critical - To be worked on immediately following BLOCKER issues.
          • Resolved
          is cloned by

          Bug - A problem that impairs or prevents the functions of the product. JBEAP-4733 (7.0.z) Flagging of invalid login credential for datasource is inconsistent - JBossSecuritySubjectFactory should check the root cause exception

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Verified
          is incorporated by

          Component Upgrade - A task tracking an update to a bundled component or revision of component upstream of the project. JBEAP-5344 (7.1.0) Upgrade PicketBox from 4.9.6.Final to 4.9.7.Final

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Verified

          Activity

            People

              rhn-engineering-lgao Lin Gao
              rhn-cservice-bbaranow Bartosz Baranowski
              Martin Simka Martin Simka
              Martin Simka Martin Simka
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: