Uploaded image for project: 'CXF'
  1. CXF
  2. CXF-4234

JAX-RS JAASAuthenticatingFilter leaks SecurityException

Attach filesAttach ScreenshotVotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.5.3, 2.6
    • Component/s: None
    • Labels:
      None
    • Estimated Complexity:
      Unknown

      Description

      JAASAuthenticatingFilter is a wrapper around JAASLoginInterceptor and is supposed to return 401 in case of the missing HTTP Authorization header or failed logins. At the moment it leaks SecurityException that JAASLoginInterceptor throws in case of missing (Basic) authorization data which results in the browser reporting 500 instead of popping up the Authenticate window

        Attachments

          Activity

            People

            • Assignee:
              sergey_beryozkin Sergey Beryozkin
              Reporter:
              sergey_beryozkin Sergey Beryozkin

              Dates

              • Created:
                Updated:
                Resolved:

                Issue deployment