Details
-
Bug
-
Resolution: Won't Do
-
Critical
-
None
-
5.0.2.Final
-
None
Description
Exception presented to a client when EJB authentication fails should be the same for first authentication and subsequent authentications.
I have following scenario:
EJB Client -> EntryBean (server1) -> WhoAmIBean (server2)
the Client provides correct credentials to server 1 and EntryBean makes reauthentication to server2.
When I use wrong credentials for server2 in EntryBean, the call fails with:
org.jboss.ejb.client.RequestSendFailedException: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed
When I run the scenario twice and use a correct credentials in EntryBean first and wrong in the second run, then the Exception is different:
org.jboss.ejb.client.RequestSendFailedException: org.wildfly.security.auth.AuthenticationException: JBREM000308: Authentication failed (no mechanisms left)
From a client POV the exception should be the same in every call:
- to allow safer exception handling in client code
- to avoid disclosure shared connection details
Attachments
Issue Links
- clones
-
-
- Resolved
-
