[
https://issues.apache.org/jira/browse/SHIRO-467?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13821835#comment-13821835
]
Sven Ad commented on SHIRO-467:
-------------------------------
A warn logging is missing for the case that there is an exception thrown, that
is not an AuthenticationException.
Information is only passed to the AuthenticationListeners. Therefore it might
be a good idea to at logging on warn level as is stated in the comments.
The patch includes a logging statement for the thrown exception and a jUnit
test.
> Authentication exception gets swallowed
> ---------------------------------------
>
> Key: SHIRO-467
> URL: https://issues.apache.org/jira/browse/SHIRO-467
> Project: Shiro
> Issue Type: Bug
> Components: Authentication (log-in)
> Affects Versions: 1.2.1
> Reporter: Wouter de Vaal
> Attachments: shiro-467.patch
>
>
> We extend from AuthorizingRealm and when we have a bug in our implementation,
> the exception gets swallowed by AbstractAuthenticator.
> A comment in the code mentions it needs a warn log, but no such statement is
> present:
> if (ae == null) {
> //Exception thrown was not an expected
> AuthenticationException. Therefore it is probably a little more
> //severe or unexpected. So, wrap in an
> AuthenticationException, log to warn, and propagate:
> String msg = "Authentication failed for token submission [" +
> token + "]. Possible unexpected " +
> "error? (Typical or expected login exceptions should
> extend from AuthenticationException).";
> ae = new AuthenticationException(msg, t);
> }
--
This message was sent by Atlassian JIRA
(v6.1#6144)
