geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kevan Miller (JIRA)" <j...@apache.org>
Subject [jira] Closed: (GERONIMO-3467) Confusing security exception thrown while authenticating using JMX with a just starting server
Date Sat, 02 Feb 2008 01:23:09 GMT

     [ https://issues.apache.org/jira/browse/GERONIMO-3467?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Kevan Miller closed GERONIMO-3467.
----------------------------------

    Resolution: Won't Fix

Looks like we have a fix/work-around for the reported problem in eclipse.

I'm guessing that your looking for a "NoLoginModuleConfigured" exception and want to use this
as a trigger for waiting for the server to finish startup. Seems like you can use the SecurityException
for the same purpose. Will just delay user notification for truly invalid login attempts.

Reopen, if you think this requires a server change.




> Confusing security exception thrown while authenticating using JMX with a just starting
server
> ----------------------------------------------------------------------------------------------
>
>                 Key: GERONIMO-3467
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-3467
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: security
>    Affects Versions: 2.0.2, 2.0.x, 2.1
>            Reporter: Shiva Kumar H R
>             Fix For: 2.0.x, 2.1
>
>
> Scenario is as below:
> Let's say server is starting and org.apache.geronimo.configs/rmi-naming/2.0.1/car has
started, but org.apache.geronimo.configs/j2ee-security/2.0.1/car hasn't yet started. If an
external entity (like Geronimo Eclipse Plug-in) now tries to connect to the kernel remotely
through JMX, although rmi connection succeeds, authenticate will fail (because security realm
has not yet been started).
> In this case, org.apache.geronimo.jmxremoting.Authenticator.authenticate() is getting
a LoginException with error 
> "javax.security.auth.login.LoginException: No LoginModules configured for geronimo-admin".
However this exception is not propogated, but rather is thrown back as a 'SecurityException("Invalid
login")'.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message