Date: Tue, 27 Jan 2015 11:10:34 +0000 (UTC)
From: Jean-Baptiste Onofré (JIRA)
To: issues@karaf.apache.org
Subject: [jira] [Commented] (KARAF-3373) Log lower level root cause exception in LDAPLoginModule.doLogin()

    [ https://issues.apache.org/jira/browse/KARAF-3373?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14293367#comment-14293367 ]

Jean-Baptiste Onofré commented on KARAF-3373:
---------------------------------------------

Fixed on master: https://git-wip-us.apache.org/repos/asf?p=karaf.git;a=commitdiff;h=f577967e5e5a3feb55fab25b5c4335ca919a824e

> Log lower level root cause exception in LDAPLoginModule.doLogin()
> -----------------------------------------------------------------
>
>                 Key: KARAF-3373
>                 URL: https://issues.apache.org/jira/browse/KARAF-3373
>             Project: Karaf
>          Issue Type: Improvement
>          Components: karaf-security
>    Affects Versions: 3.0.0
>         Environment: LDAP based JAAS login module
>            Reporter: Torsten Mielke
>            Assignee: Jean-Baptiste Onofré
>              Labels: jaas
>             Fix For: 4.0.0, 3.0.3, 2.4.2
>
>         Attachments: KARAF-3373.patch
>
>
> Method org.apache.karaf.jaas.modules.ldap.LDAPLoginModule.doLogin() catches any exception and raises a new LoginException
> {code:title=LDAPLoginModule.java}
> } catch (Exception e) {
>     throw new LoginException("Can't connect to the LDAP server: " + e.getMessage());
> } finally {
>     ...
> }
> {code}
> However in case something is wrong with the LDAP configuration (e.g. wrong SSL certificates) the root cause will be lost as e.getMessage() only returns a fairly generic message, like
> {code}
> Can't connect to the LDAP server: simple bind failed: localhost:10636
> {code}
> whereas the root cause really is
> {code}
> sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> {code}
> We should somehow ensure this root cause is getting logged as well.
> Unfortunately the call stack to calling LDAPLoginModule.doLogin() includes the javax.security.auth.login.LoginContext which completely swallows the original LoginException raised in doLogin(). It only re-raises a very generic LoginException with the message:
> {code}
> javax.security.auth.login.FailedLoginException: User doesn't exist
> {code}
> The original exception message is lost.
> So there is no point in wrapping the root cause exception message in the LoginException to be thrown by LDAPLoginModule.doLogin().
> Instead I suggest to log the root cause in doLogin() as a warning as in the attached patch.

--
This message was sent by Atlassian JIRA (v6.3.4#6332)