activemq-commits mailing list archives

From "David Corticchiato (Created) (JIRA)" <j...@apache.org>
Subject [jira] [Created] (APLO-125) Client authentication error message
Date Fri, 30 Dec 2011 10:13:30 GMT
Client authentication error message
-----------------------------------

                 Key: APLO-125
                 URL: https://issues.apache.org/jira/browse/APLO-125
             Project: ActiveMQ Apollo
          Issue Type: Improvement
          Components: apollo-broker
    Affects Versions: 1.0-beta6
            Reporter: David Corticchiato
            Priority: Minor
             Fix For: 1.0


The LoginModule returns a LoginException when an authentication fails. This exception can have
different messages (the exception cause).

The problem is: when a client is already connected, he gets the same error message as if the
login/password was wrong: "Authentication failed. Credentials=[user=xxx]"

I think there are 2 possibilities:

1) The simpler: send the exception reason to the client

2) The more secure (I think): catch and send a different message for these exceptions:


javax.security.auth.login.AccountException
javax.security.auth.login.AccountExpiredException
javax.security.auth.login.AccountLockedException (The one that interests me in this case)
javax.security.auth.login.AccountNotFoundException
javax.security.auth.login.CredentialException
javax.security.auth.login.CredentialExpiredException
javax.security.auth.login.CredentialNotFoundException
javax.security.auth.login.FailedLoginException


--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
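
One way option 2 above could look, as an added example that is not code from the issue or from Apollo: the class name `AuthErrorMapper` and the message strings are assumptions. It gives locked and expired states their own client message, keeps "unknown account" and "wrong password" indistinguishable so the reply cannot be used to enumerate accounts, and writes the real reason only to the server log.

```java
import javax.security.auth.login.*;
import java.util.logging.Logger;

// Hypothetical helper (not part of Apollo): maps JAAS login failures to client-facing text.
public class AuthErrorMapper {
    private static final Logger LOG = Logger.getLogger(AuthErrorMapper.class.getName());

    // Generic reply; the wording is an assumption based on the message quoted in the issue.
    static final String GENERIC = "Authentication failed.";

    static String clientMessage(String user, LoginException e) {
        // The full reason stays in the broker log. CR/LF are replaced so a
        // client-supplied user name cannot forge extra log lines.
        String safeUser = user == null ? "" : user.replaceAll("[\\r\\n]", "_");
        LOG.warning("login failed user=" + safeUser + " type="
                + e.getClass().getSimpleName() + " reason=" + e.getMessage());

        // Specific subclasses are tested before falling through, because
        // AccountException and CredentialException are their parents.
        if (e instanceof AccountLockedException) {
            return "Authentication failed. Account is locked.";
        }
        if (e instanceof AccountExpiredException) {
            return "Authentication failed. Account has expired.";
        }
        if (e instanceof CredentialExpiredException) {
            return "Authentication failed. Credentials have expired.";
        }
        // AccountNotFoundException, CredentialNotFoundException, FailedLoginException
        // and any other LoginException share one reply on purpose.
        return GENERIC;
    }

    public static void main(String[] args) {
        // Constructed sample failures, one per branch plus two that must look identical.
        LoginException[] samples = {
            new AccountLockedException("already connected"),
            new AccountExpiredException("expired 2011-12-01"),
            new CredentialExpiredException("password too old"),
            new AccountNotFoundException("no such user"),
            new FailedLoginException("bad password"),
        };
        for (LoginException e : samples) {
            System.out.println(e.getClass().getSimpleName() + " -> " + clientMessage("xxx", e));
        }
    }
}
```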