activemq-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Gary Tully (JIRA)" <j...@apache.org>
Subject [jira] Resolved: (AMQ-3182) JAAS PropertiesLoginModule does not maintain internal validity state, so will commit in error after an invalid login attempt
Date Wed, 16 Feb 2011 16:34:24 GMT

     [ https://issues.apache.org/jira/browse/AMQ-3182?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Gary Tully resolved AMQ-3182.
-----------------------------

    Resolution: Fixed

fix in http://svn.apache.org/viewvc?rev=1071301&view=rev

> JAAS PropertiesLoginModule does not maintain internal validity state, so will commit
in error after an invalid login attempt
> ----------------------------------------------------------------------------------------------------------------------------
>
>                 Key: AMQ-3182
>                 URL: https://issues.apache.org/jira/browse/AMQ-3182
>             Project: ActiveMQ
>          Issue Type: Bug
>          Components: Broker
>    Affects Versions: 5.4.2
>            Reporter: Gary Tully
>            Assignee: Gary Tully
>              Labels: Authentication, JAAS, security
>             Fix For: 5.5.0
>
>
> Issue visible when using the JaasDualAuthenticationPlugin which uses two login modules.
An failed login attempt as system (with wrong password) will still succeed with the guest
module, but the principals should be restricted to the guest role. They are not as the failed
system module still commits in error.

-- 
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message