Uploaded image for project: 'JBoss Remoting (3+)'
  1. JBoss Remoting (3+)
  2. REM3-313

Elytron/Remoting/EJB - Exception from failed authentication differs depending on previous calls

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Won't Do
    • Icon: Critical Critical
    • None
    • 5.0.2.Final
    • None

      Exception presented to a client when EJB authentication fails should be the same for first authentication and subsequent authentications.

      I have following scenario:

      EJB Client -> EntryBean (server1) -> WhoAmIBean (server2)

      the Client provides correct credentials to server 1 and EntryBean makes reauthentication to server2.

      When I use  wrong credentials for server2 in EntryBean, the call fails with:

      org.jboss.ejb.client.RequestSendFailedException: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed

      When I run the scenario twice and use a correct credentials in EntryBean first and wrong in the second run, then the Exception is different:

      org.jboss.ejb.client.RequestSendFailedException: org.wildfly.security.auth.AuthenticationException: JBREM000308: Authentication failed (no mechanisms left)

      From a client POV the exception should be the same in every call:

      • to allow safer exception handling in client code
      • to avoid disclosure shared connection details

              jkalina@redhat.com Jan Kalina (Inactive)
              jkalina@redhat.com Jan Kalina (Inactive)
              Martin Svehla Martin Svehla
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: