Art O Cathain created SHIRO-462:
-----------------------------------
Summary: Authentication exceptions are swallowed
Key: SHIRO-462
URL: https://issues.apache.org/jira/browse/SHIRO-462
Project: Shiro
Issue Type: Bug
Components: Authentication (log-in)
Affects Versions: 1.2.2
Reporter: Art O Cathain
Priority: Minor
Fix For: 1.2.3
Attachments: SHIRO-462.patch

In org.apache.shiro.cas.CasFilter.onLoginFailure(AuthenticationToken,
AuthenticationException, ServletRequest, ServletResponse) the passed-in
AuthenticationException is not logged anywhere. In my case, a misconfigured SSL
certificate error was being swallowed. The lack of logging meant I had to use a
debugger to see the exception details.

There is a similar issue with the other override of this method, in
org.apache.shiro.web.filter.authc.FormAuthenticationFilter.

Suggest logging at debug level (which is off by default in sensible setups, but
can be enabled during investigations).
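
A workaround for the behaviour reported above, as an added example (it is not the attached SHIRO-462.patch and not Shiro's own code): a subclass of FormAuthenticationFilter that logs the swallowed exception and its root cause at debug level before delegating to the stock handler. The class name `LoggingFormAuthenticationFilter` is an assumption, and the example assumes SLF4J and the javax.servlet API are on the classpath.

```java
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.web.filter.authc.FormAuthenticationFilter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/**
 * Hypothetical subclass (the name is an assumption) that records why a login
 * failed before handing control back to the stock failure handling.
 */
public class LoggingFormAuthenticationFilter extends FormAuthenticationFilter {

    private static final Logger log =
            LoggerFactory.getLogger(LoggingFormAuthenticationFilter.class);

    @Override
    protected boolean onLoginFailure(AuthenticationToken token,
                                     AuthenticationException e,
                                     ServletRequest request,
                                     ServletResponse response) {
        // Debug level only: off in normal operation, switchable on while
        // investigating a failure such as a certificate problem.
        if (log.isDebugEnabled()) {
            // The useful detail is often wrapped several layers deep,
            // so walk the cause chain down to the root.
            Throwable root = e;
            while (root.getCause() != null && root.getCause() != root) {
                root = root.getCause();
            }
            // Log the token type only, never the submitted credentials.
            String tokenType = (token == null) ? "none" : token.getClass().getName();
            log.debug("Authentication failed (token type " + tokenType
                    + "), root cause: " + root, e);
        }
        // Keep the existing behaviour: the response shown to the user stays
        // generic and the detail goes to the log only.
        return super.onLoginFailure(token, e, request, response);
    }
}
```

The same override pattern applies to a subclass of org.apache.shiro.cas.CasFilter, whose onLoginFailure has the signature quoted in the report.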