Hi Pradeeban, The error message needs to be fixed. It is a security bad practice. And, please resolve the JIRA issue appropriately after fixing.
Thanks, Senaka. On Tue, Jul 24, 2012 at 3:16 AM, Kathiravelu Pradeeban <[email protected]>wrote: > > > On Tue, Jul 24, 2012 at 1:30 PM, Kathiravelu Pradeeban <[email protected] > > wrote: > >> >> >> On Tue, Jul 24, 2012 at 12:48 PM, Pradeep Fernando <[email protected]>wrote: >> >>> Hi All, >>> >>> Here are the L1/L2 s that are in open state. >>> >>> >>> **L1s** >>> CARBON-13619 Clean up conf/README file and make catalina_server.xml >>> as the default cofig file which can change the http/s ports statically. >>> -Dileepa Jayakody >>> CARBON-13534 CipherTool and Secure Vault are broken in trunk >>> -Asela Pathberiya >>> >>> **L2s** >>> CARBON-13635 NPE when running a load test with resource adding >>> -Dimuthu Leelarathne >>> CARBON-13608 Fix jgroups.bind_addr property -Dimuthu Leelarathne >>> CARBON-13591 Login and logout user difference -Amila >>> Maharachchi >>> CARBON-13588 Modify Security Manager to allow tenants to read Rhino >>> code generated folder -Chethiya Abeysinghe >>> CARBON-13502 Ant task doesn't work to create war file [createWAR] >>> -Pradeep >>> CARBON-13386 Intermittent issue: ERROR >>> {org.infinispan.interceptors.InvocationContextInterceptor} - ISPN000136: >>> Execution error java.lang.InterruptedException when shutting down G-reg >>> -Dimuthu >>> CARBON-13208 TenantMgt AdminService invocation with wrong >>> credentials returns too much of information to the user, but the >>> information is also wrong -Kathiravelu Pradeeban >>> >> >> Won't fix, as explained in >> CARBON-13208<https://wso2.org/jira/browse/CARBON-13208> >> > > Discussed this with Thilini before closing the issue. (before Samisa's > mail on not to close the issues as "Won't fix" without discussing with the > dev@. Hence resolved as "Won't FIx" before addressing the list). > > This was implemented this way as of AmilaJ's security refactorings of > commit 121445, by design. > > > if (authenticationFailureReason == > AuthenticationFailureReason.INVALID_PASSWORD) { > return "Authentication failed - Invalid password provided."; > } > > BasicAccessAuthenticator:doAuthentication() > try { > boolean isAuthenticated = > realm.getUserStoreManager().authenticate(userName, password); > > if (!isAuthenticated) { > if (log.isDebugEnabled()) { > log.debug("Failed authentication for user " + > userNameInRequest); > } > > throw new AuthenticationFailureException > > (AuthenticationFailureException.AuthenticationFailureReason.INVALID_PASSWORD, > userNameInRequest); > } > > Hence the above message. > > Pls shout, if you feel the message should still be thrown appropriately > (i.e. instead of saying invalid password, saying either invalid username or > password), where in that case, we can easily fix this message. > > Regards, > Pradeeban. > > >> Regards, >> Pradeeban. >> >> CARBON-13167 supporting web-app mode deployment of carbon in Apache >>> Tomcat -Pradeep Fernando >>> CARBON-13140 wso2server.sh is not working with Solaris 10 in beta >>> Packs -Reka Thirunavukkarasu >>> CARBON-12895 Cannot enable JMS transport listener from UI -dushan >>> abeyruwan >>> CARBON-10230 Inconsistency of product clusters -Thilini Ishaka >>> >>> >>> Carbon core *code freeze on tomorrow*, tentative release *date on 27 th*. >>> I need a *progress update of each of the issues before EOD today.*(working >>> on it/ not started/ not possible with this release/etc) >>> >>> >>> regarding two issues assigned to me - will try to make them available in >>> this release. Otherwise they will go out in a point release. >>> >>> thanks, >>> --Pradeep >>> >>> >>> >>> >> >> >> -- >> Kathiravelu Pradeeban. >> Cloud Technologies Team. >> WSO2 Inc. >> >> Blog: [Llovizna] http://kkpradeeban.blogspot.com/ >> M: +94 776 477 976 >> >> > > > -- > Kathiravelu Pradeeban. > Cloud Technologies Team. > WSO2 Inc. > > Blog: [Llovizna] http://kkpradeeban.blogspot.com/ > M: +94 776 477 976 > > > _______________________________________________ > Dev mailing list > [email protected] > http://wso2.org/cgi-bin/mailman/listinfo/dev > > -- *Senaka Fernando* Member - Integration Technologies Management Committee; Technical Lead; WSO2 Inc.; http://wso2.com* Member; Apache Software Foundation; http://apache.org E-mail: senaka AT wso2.com **P: +1 408 754 7388; ext: 51736*; *M: +94 77 322 1818 Linked-In: http://linkedin.com/in/senakafernando *Lean . Enterprise . Middleware
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
