Details
-
Feature Request
-
Resolution: Done
-
Major
-
JBossAS-3.2.5 Final, JBossAS-4.0.0 Final, JBossAS-3.2.6 Final
-
None
-
0
-
0%
Description
When using a standalone EJB client and JAAS ClientLoginModule correctly authenticates user. But in case a CredentialsExpiredException or AccountExpiredException happens the exception that the standalone client receives is just SecurityException with no other information provided and no way to retrieve the exact cause from the client side.
Inside the server it is possible to use
org.jboss.security.SecurityAssociation and its corresponding key org.jboss.security.exception but this is not propagated to the client through the ClientLoginModule making it absolutely impossible for the client application, for example, to start a Credential change.
I need a way to notify a standalone client of the corresponding javax.security.auth.login.LoginException
that happens inside the JAAS LoginModule.
In JDK 1.4 it would be possible to use the public Throwable initCause(Throwable cause) from SecurityException, but not in 1.3 or 1.2.