[ 
https://issues.apache.org/jira/browse/KARAF-3373?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Torsten Mielke updated KARAF-3373:
----------------------------------
    Summary: Log lower level root cause exception in LDAPLoginModule.doLogin()  
(was: Log lower level root cause exception in LDAPLoginModule)

> Log lower level root cause exception in LDAPLoginModule.doLogin()
> -----------------------------------------------------------------
>
>                 Key: KARAF-3373
>                 URL: https://issues.apache.org/jira/browse/KARAF-3373
>             Project: Karaf
>          Issue Type: Improvement
>          Components: karaf-security
>    Affects Versions: 3.0.0
>         Environment: LDAP based JAAS login module
>            Reporter: Torsten Mielke
>            Assignee: Jean-Baptiste Onofré
>              Labels: jaas
>             Fix For: 4.0.0, 3.0.3
>
>         Attachments: KARAF-3373.patch
>
>
> Method org.apache.karaf.jaas.modules.ldap.LDAPLoginModule.doLogin() catches 
> any exception and raises a new LoginException
> {code:title=LDAPLoginModule.java}
> } catch (Exception e) {
>   throw new LoginException("Can't connect to the LDAP server: " + e.getMessage());
> } finally {
>   ...
> }
> {code}
> However in case something is wrong with the LDAP configuration (e.g. wrong 
> SSL certificates) the root cause will be lost as e.getMessage() only returns 
> a fairly generic message, like
> {code}
> Can't connect to the LDAP server: simple bind failed: localhost:10636
> {code}
> whereas the root cause really is 
> {code}
> sun.security.validator.ValidatorException: PKIX path building failed: 
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find 
> valid certification path to requested target
> {code}
> We should somehow ensure this root cause is getting logged as well. 
> Unfortunately the call stack to calling LDAPLoginModule.doLogin() includes 
> the javax.security.auth.login.LoginContext which completely swallows the 
> original LoginException raised in doLogin(). It only re-raises a very generic 
> LoginException with the message:
> {code}
> javax.security.auth.login.FailedLoginException: User doesn't exist
> {code} 
> The original exception message is lost. 
> So there is no point in wrapping the root cause exception message in the 
> LoginException to be thrown by LDAPLoginModule.doLogin(). 
> Instead I suggest to log the root cause in doLogin() as a warning as in the 
> attached patch. 
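As an added illustration (not part of the report, the attached patch or Karaf's own code), the following Java class reproduces the situation described above with JDK exception types and shows the pattern the report proposes: walk and log the full cause chain before throwing the generic LoginException. The class and method names are made up for this example; `javax.naming.CommunicationException`, `javax.net.ssl.SSLHandshakeException` and `java.security.cert.CertPathBuilderException` stand in for the `simple bind failed` / `sun.security.validator.ValidatorException` / `SunCertPathBuilderException` chain quoted in the report, because those two `sun.*` classes are not public API.

```java
import java.security.cert.CertPathBuilderException;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.naming.CommunicationException;
import javax.naming.NamingException;
import javax.net.ssl.SSLHandshakeException;
import javax.security.auth.login.LoginException;

/**
 * Added example, not Karaf code: shows why e.getMessage() alone loses the
 * root cause of an LDAP bind failure, and logs the whole cause chain before
 * throwing the LoginException that LoginContext will later replace.
 */
public class RootCauseLoggingExample {

    private static final Logger LOGGER =
            Logger.getLogger(RootCauseLoggingExample.class.getName());

    /** Renders every level of the cause chain, outermost first. */
    static String describeCauseChain(Throwable t) {
        StringBuilder sb = new StringBuilder();
        for (Throwable cur = t; cur != null; cur = cur.getCause()) {
            if (sb.length() > 0) {
                sb.append("\n  caused by: ");
            }
            sb.append(cur.getClass().getName()).append(": ").append(cur.getMessage());
            if (cur.getCause() == cur) {
                break; // guard against a self-referencing cause
            }
        }
        return sb.toString();
    }

    /** Returns the innermost exception in the chain, i.e. the real root cause. */
    static Throwable rootCause(Throwable t) {
        Throwable cur = t;
        while (cur.getCause() != null && cur.getCause() != cur) {
            cur = cur.getCause();
        }
        return cur;
    }

    /**
     * Stand-in for the catch block in LDAPLoginModule.doLogin(): the thrown
     * LoginException keeps its generic message (LoginContext discards it
     * anyway), but the root cause is written to the log first, where it is
     * still visible to an operator diagnosing a TLS or configuration problem.
     */
    static void doLoginCatchBlock(Exception e) throws LoginException {
        LOGGER.log(Level.WARNING,
                "Can't connect to the LDAP server:\n  " + describeCauseChain(e), e);
        throw new LoginException("Can't connect to the LDAP server: " + e.getMessage());
    }

    /** Constructs an exception chain shaped like the certificate failure in the report. */
    static NamingException constructedBindFailure() {
        CertPathBuilderException inner = new CertPathBuilderException(
                "unable to find valid certification path to requested target");
        SSLHandshakeException tls = new SSLHandshakeException("PKIX path building failed");
        tls.initCause(inner);
        CommunicationException bind =
                new CommunicationException("simple bind failed: localhost:10636");
        bind.setRootCause(tls); // NamingException exposes the root cause via getCause()
        return bind;
    }

    public static void main(String[] args) {
        NamingException e = constructedBindFailure();
        // This is all the original catch block put into the LoginException message:
        System.out.println("getMessage() only : " + e.getMessage());
        // This is what actually went wrong:
        System.out.println("real root cause   : " + rootCause(e));
        try {
            doLoginCatchBlock(e);
        } catch (LoginException le) {
            System.out.println("thrown to caller  : " + le.getMessage());
        }
    }
}
```

Running `main` prints the generic `simple bind failed: localhost:10636` message, then the `CertPathBuilderException` root cause, and the WARNING log record carries the full chain plus stack trace; the LoginException that reaches the caller still only says `Can't connect to the LDAP server: simple bind failed: localhost:10636`, which is why logging at the point of failure is the only place the root cause survives.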



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
