Details
-
Bug
-
Resolution: Done
-
Major
-
PicketBox_4_0_21.Beta2, PicketBox_4_0_19.SP5
-
None
Description
Any misconfiguration of a login module leading to authentication failure used to be reported at trace level for anonymous user (principal == null) until SECURITY-660. Right now it is reported at debug level, but only if principal != null.
I am going to propose a fix to report the cause of such a failure at debug level despite the principal value. So that customers can see for example "javax.security.auth.login.LoginException: unable to find LoginModule class: ..." in their logs instead of "PBOX000016: Access denied" only.