shiro-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Christoffer Soop (JIRA)" <>
Subject [jira] [Commented] (SHIRO-462) Authentication exceptions are swallowed
Date Sun, 17 May 2015 20:33:59 GMT


Christoffer Soop commented on SHIRO-462:

This issue has also cost me a lot of time and is likely to inhibit shiro adpoptation as potential
users get turned off by Shiro's lack of feedback on trivial configuration issues.

> Authentication exceptions are swallowed
> ---------------------------------------
>                 Key: SHIRO-462
>                 URL:
>             Project: Shiro
>          Issue Type: Bug
>          Components: Authentication (log-in)
>    Affects Versions: 1.2.2
>            Reporter: Art O Cathain
>            Priority: Minor
>             Fix For: 1.2.3
>         Attachments: SHIRO-462.patch
> In org.apache.shiro.cas.CasFilter.onLoginFailure(AuthenticationToken, AuthenticationException,
ServletRequest, ServletResponse) the passed-in AuthenticationException is not logged anywhere.
In my case, a misconfigured SSL certificate error was being swallowed. The lack of logging
meant I had to use a debugger to see the exception details.
> There is a similar issue with the other override of this method, in org.apache.shiro.web.filter.authc.FormAuthenticationFilter.
> Suggest logging at debug level (which is off by default in sensible setups, but can be
enabled during investigations). See attached patch.

This message was sent by Atlassian JIRA

View raw message