Details
-
Bug
-
Resolution: Won't Do
-
Major
-
None
-
JBossAS-4.2.2.GA
-
None
-
Low
Description
In org.jboss.resource.connectionmanager.BaseConnectionManager2.getSubject(), the following code handles authentication errors while obtaining a new database connection from the pool:
...
if (securityDomain.isValid(principal, credential, subject) == false)
throw new SecurityException("Invalid authentication attempt, principal=" + principal);
...
If there are errors during authentication, they are not logged or rethrown like it's done in AuthenticationInterceptor:
...
if (authenticationManager.isValid(principal, credential, subject) == false)
{
// Check for the security association exception
Exception ex = SecurityActions.getContextException();
if (ex != null)
throw ex;
...
In our case, we had a bug in our login-config for the security domain being used for the database connections. The real exception came from the LoginModule's initialize method, but the only message we got is a SecurityException with 'Invalid authentication attempt'.