Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Fixed
-
1.2.1
Description
We extend from AuthorizingRealm and when we have a bug in our implementation, the exception gets swallowed by AbstractAuthenticator.
A comment in the code mentions it needs a warn log, but no such statement is present:
if (ae == null)
{ //Exception thrown was not an expected AuthenticationException. Therefore it is probably a little more //severe or unexpected. So, wrap in an AuthenticationException, log to warn, and propagate: String msg = "Authentication failed for token submission [" + token + "]. Possible unexpected " + "error? (Typical or expected login exceptions should extend from AuthenticationException)."; ae = new AuthenticationException(msg, t); }