[
https://issues.apache.org/jira/browse/GUACAMOLE-937?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Mike Jumper resolved GUACAMOLE-937.
-----------------------------------
Resolution: Fixed
> Failures within bindAs() may have unexpected side effects
> ---------------------------------------------------------
>
> Key: GUACAMOLE-937
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-937
> Project: Guacamole
> Issue Type: Bug
> Components: guacamole-auth-ldap
> Affects Versions: 1.1.0
> Reporter: Mike Jumper
> Assignee: Mike Jumper
> Priority: Minor
> Fix For: 1.1.0
>
>
> The {{bindAs()}} function formerly returned {{null}} when failures prevented
> binding, but now throws {{GuacamoleInvalidCredentialsException}} for such
> failures. This change is technically incorrect:
> * {{GuacamoleInvalidCredentialsException}} specifically indicates that the
> *Guacamole user's credentials* are invalid, but {{bindAs()}} is not
> restricted to being used with the user's credentials. It is a generic utility
> function.
> * Throwing any subclass of {{GuacamoleUnauthorizedException}} from within an
> active Guacamole session will result in that Guacamole session being
> implicitly invalidated, an unexpected side effect for any caller of
> {{bindAs()}}.
> This currently specifically affects failures to bind using the search DN,
> which now appear as if they are login failures and are not specifically
> logged, and conceivably would cause confusion in the future if {{bindAs()}}
> is used elsewhere.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
