Scott,
I agree that the exception is available from SecurityAdapter, but only inside
the same VM :(.
Im using ClientLoginModule from a client standalone application and the
exception is not propagated back to the client.
This is to say:
Object exception =
SecurityAssociation.getContextInfo("org.jboss.security.exception");
System.out.println("exception:"+exception);
Always returns null on the client side.
I agree that security manager doesnt allow for standard exception propagation
but i need a way to send the state back to client.
What would you think about the following modification on SecurityInterceptor
(line 150)
// Check the security info from the method invocation
if (securityManager.isValid(principal, credential) == false)
{
Object exception =
SecurityAssociation.getContextInfo(AUTH_EXCEPTION_KEY);
if(exception!=null){
//LoginException exception on internal JAAS login
module. reThrow.
log.error("Internal JAAS LoginException "+exception);
throw (Exception) exception;
}
String msg = "Authentication exception, principal=" + principal;
log.error(msg);
SecurityException e = new SecurityException(msg);
throw e;
}
The only problem i find is that LoginException does not extend from
SecurityException but from GeneralSecurityException which is checked :(. Maybe
another approach would be to use SecurityException as a wrapper for the JAAS
exception.
View the original post :
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3858055#3858055
Reply to the post :
http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3858055
-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://productguide.itmanagersjournal.com/
_______________________________________________
JBoss-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-user
