Confusing security exception thrown while authenticating using JMX with a just
starting server
----------------------------------------------------------------------------------------------
Key: GERONIMO-3467
URL: https://issues.apache.org/jira/browse/GERONIMO-3467
Project: Geronimo
Issue Type: Bug
Security Level: public (Regular issues)
Components: security
Affects Versions: 2.0.2
Reporter: Shiva Kumar H R
Fix For: 2.0.2
Scenario is as below:
Let's say server is starting and
org.apache.geronimo.configs/rmi-naming/2.0.1/car has started, but
org.apache.geronimo.configs/j2ee-security/2.0.1/car hasn't yet started. If an
external entity (like Geronimo Eclipse Plug-in) now tries to connect to the
kernel remotely through JMX, although rmi connection succeeds, authenticate
will fail (because security realm has not yet been started).
In this case, org.apache.geronimo.jmxremoting.Authenticator.authenticate() is
getting a LoginException with error
"javax.security.auth.login.LoginException: No LoginModules configured for
geronimo-admin". However this exception is not propogated, but rather is thrown
back as a 'SecurityException("Invalid login")'.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
