activemq-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hiram Chirino (Resolved) (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (APLO-125) Client authentication error message
Date Fri, 13 Jan 2012 19:58:48 GMT

     [ https://issues.apache.org/jira/browse/APLO-125?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Hiram Chirino resolved APLO-125.
--------------------------------

    Resolution: Fixed
      Assignee: Hiram Chirino

I've just committed a fix which should provide the end user a better error message.
                
> Client authentication error message
> -----------------------------------
>
>                 Key: APLO-125
>                 URL: https://issues.apache.org/jira/browse/APLO-125
>             Project: ActiveMQ Apollo
>          Issue Type: Improvement
>          Components: apollo-broker
>    Affects Versions: 1.0-beta6
>            Reporter: David Corticchiato
>            Assignee: Hiram Chirino
>            Priority: Minor
>             Fix For: 1.0
>
>
> The LoginModule returns a LoginException when an authentication fail. This exception
can have different messages (the exception cause).
> The problem is : when a client is already connected, he get the same error message as
if the login/password was wrong : "Authentication failed. Credentials=[user=xxx]"
> I think there is 2 possibility :
> 1) The more simple : Send the exception reason to client
> 2) The more secure (I think) : catch and send a differrent message for these exceptions
: 
> javax.security.auth.login.AccountException 
> javax.security.auth.login.AccountExpiredException 
> javax.security.auth.login.AccountLockedException (The one that interrests me in this
case) 
> javax.security.auth.login.AccountNotFoundException 
> javax.security.auth.login.CredentialException 
> javax.security.auth.login.CredentialExpiredException 
> javax.security.auth.login.CredentialNotFoundException 
> javax.security.auth.login.FailedLoginException 

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message