Uploaded image for project: 'Geronimo'
  1. Geronimo
  2. GERONIMO-1201

All our login modules implement login() incorrectly

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 1.0-M5
    • 1.0
    • security
    • Security Level: public (Regular issues)
    • None

    Description

      According to the JAAS LoginModule contract, if a login fails, the LoginModule should throw an exception from the login() method (typically FailedLoginException). We instead return false, which does not mean "login failed", but instead means "this login module is not appropriate" (the stated example for returning false is a root login for an NIS login module).

      Attachments

        Activity

          People

            ammulder Aaron Mulder
            ammulder Aaron Mulder
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: