Geronimo / GERONIMO-1201

All our login modules implement login() incorrectly


Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.0-M5
    • Fix Version/s: 1.0
    • Component/s: security
    • Security Level: public (Regular issues)
    • Labels: None

    Description

      According to the JAAS LoginModule contract, if a login fails, the LoginModule should throw an exception from the login() method (typically FailedLoginException). We instead return false, which does not mean "login failed", but instead means "this login module is not appropriate" (the stated example for returning false is a root login for an NIS login module).


          People

            Assignee: Aaron Mulder (ammulder)
            Reporter: Aaron Mulder (ammulder)
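The contract described in the issue, as an added example that is not Geronimo's code or the fix that was committed: a hypothetical module that throws FailedLoginException on bad credentials and returns false only when it should be ignored. The option names "user", "password" and "skipUser" are assumptions standing in for a real credential store.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

// Added example (hypothetical module, not Geronimo code). Options "user",
// "password" and "skipUser" are assumed names for a constructed credential store.
public class ContractLoginModule implements LoginModule {
    private CallbackHandler handler;
    private Map<String, ?> options;
    private boolean authenticated;
    public void initialize(Subject subject, CallbackHandler handler,
                           Map<String, ?> sharedState, Map<String, ?> options) {
        this.handler = handler; this.options = options;
    }
    public boolean login() throws LoginException {
        NameCallback name = new NameCallback("user: ");
        PasswordCallback pass = new PasswordCallback("password: ", false);
        try {
            handler.handle(new Callback[] {name, pass});
        } catch (java.io.IOException | UnsupportedCallbackException e) {
            throw new LoginException("cannot obtain credentials: " + e.getMessage());
        }
        String user = name.getName();
        if (user != null && user.equals(options.get("skipUser"))) {
            return false; // "not appropriate for this module": ignored, not failed
        }
        char[] supplied = pass.getPassword();
        pass.clearPassword();
        Object expected = options.get("password");
        boolean ok = user != null && supplied != null && expected != null
                && user.equals(options.get("user"))
                && MessageDigest.isEqual(
                        new String(supplied).getBytes(StandardCharsets.UTF_8),
                        expected.toString().getBytes(StandardCharsets.UTF_8));
        if (!ok) {
            // The form the issue describes as incorrect would be: return false;
            throw new FailedLoginException("invalid user name or password");
        }
        authenticated = true;
        return true;
    }
    public boolean commit() { return authenticated; }
    public boolean abort() { boolean was = authenticated; authenticated = false; return was; }
    public boolean logout() { authenticated = false; return true; }
}
```

A real module would also add principals to the Subject in commit() and remove them in logout(); that part is omitted here to keep the focus on the return value of login().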