Uploaded image for project: 'Application Server 3 4 5 and 6'
  1. Application Server 3 4 5 and 6
  2. JBAS-47

Support for jaas CredentialExpiredException and AccountExpiredException

    XMLWordPrintable

Details

    • 0
    • 0% 0%

    Description

      When using a standalone EJB client and JAAS ClientLoginModule correctly authenticates user. But in case a CredentialsExpiredException or AccountExpiredException happens the exception that the standalone client receives is just SecurityException with no other information provided and no way to retrieve the exact cause from the client side.

      Inside the server it is possible to use

      org.jboss.security.SecurityAssociation and its corresponding key org.jboss.security.exception but this is not propagated to the client through the ClientLoginModule making it absolutely impossible for the client application, for example, to start a Credential change.

      I need a way to notify a standalone client of the corresponding javax.security.auth.login.LoginException
      that happens inside the JAAS LoginModule.

      In JDK 1.4 it would be possible to use the public Throwable initCause(Throwable cause) from SecurityException, but not in 1.3 or 1.2.

      Attachments

        Activity

          People

            starksm64 Scott Stark (Inactive)
            sberna_jira Sergio Berna (Inactive)
            Votes:
            1 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Time Tracking

                Estimated:
                Original Estimate - 1 day
                1d
                Remaining:
                Remaining Estimate - 1 day
                1d
                Logged:
                Time Spent - Not Specified
                Not Specified