Client authentication error message
-----------------------------------
Key: APLO-125
URL: https://issues.apache.org/jira/browse/APLO-125
Project: ActiveMQ Apollo
Issue Type: Improvement
Components: apollo-broker
Affects Versions: 1.0-beta6
Reporter: David Corticchiato
Priority: Minor
Fix For: 1.0
The LoginModule returns a LoginException when an authentication fails. This
exception can have different messages (the exception cause).
The problem is: when a client is already connected, he gets the same error
message as if the login/password was wrong: "Authentication failed.
Credentials=[user=xxx]"
I think there are 2 possibilities:
1) The simpler one: send the exception reason to the client
2) The more secure one (I think): catch and send a different message for these
exceptions:
javax.security.auth.login.AccountException
javax.security.auth.login.AccountExpiredException
javax.security.auth.login.AccountLockedException (the one that interests me in this case)
javax.security.auth.login.AccountNotFoundException
javax.security.auth.login.CredentialException
javax.security.auth.login.CredentialExpiredException
javax.security.auth.login.CredentialNotFoundException
javax.security.auth.login.FailedLoginException
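A sketch of option 2 above, as an added example that is not Apollo code and not from the reporter: the class name, method name and message strings are hypothetical. It assumes a policy of surfacing only account and credential state to the client, keeping the generic text for every failure that would otherwise reveal whether a user exists, and writing the full exception reason to the broker log only.

```java
import javax.security.auth.login.*;
import java.util.logging.Logger;

// Hypothetical helper: maps a JAAS LoginException to a fixed client-facing
// message. Nothing from e.getMessage() is ever sent to the client.
public class LoginFailureMessages {
    private static final Logger LOG = Logger.getLogger("auth");
    static final String GENERIC = "Authentication failed.";

    static String clientMessage(String user, LoginException e) {
        // Strip CR/LF so a crafted user name cannot forge extra log lines.
        String safeUser = user == null ? "<none>" : user.replaceAll("[\\r\\n]", "_");
        // The detailed reason stays server-side.
        LOG.warning("login failed user=" + safeUser + " type="
                + e.getClass().getSimpleName() + " reason=" + e.getMessage());

        // Test the specific subclasses, not their parents: AccountLocked,
        // AccountExpired and AccountNotFound all extend AccountException, and
        // CredentialExpired and CredentialNotFound extend CredentialException.
        if (e instanceof AccountLockedException) {
            return "Authentication failed: account is locked.";
        }
        if (e instanceof AccountExpiredException) {
            return "Authentication failed: account has expired.";
        }
        if (e instanceof CredentialExpiredException) {
            return "Authentication failed: credentials have expired.";
        }
        // AccountNotFoundException, CredentialNotFoundException,
        // FailedLoginException and the bare parent types share one message,
        // so the reply does not distinguish "no such user" from "bad password".
        return GENERIC;
    }

    public static void main(String[] args) {
        // Constructed sample failures, one per branch plus two generic cases.
        LoginException[] samples = {
            new AccountLockedException("user already connected"),
            new AccountExpiredException("expired 2011-01-01"),
            new CredentialExpiredException("password too old"),
            new AccountNotFoundException("no entry in users file"),
            new FailedLoginException("password mismatch"),
        };
        for (LoginException e : samples) {
            System.out.println(e.getClass().getSimpleName() + " -> "
                    + clientMessage("xxx", e));
        }
    }
}
```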