JDK-4414043 : JAAS should throw javax.security.auth.login.FailedLoginException failure
  • Type: Bug
  • Component: security-libs
  • Sub-Component: javax.security
  • Affected Version: 1.0
  • Priority: P3
  • Status: Closed
  • Resolution: Not an Issue
  • OS: linux
  • CPU: x86
  • Submitted: 2001-02-10
  • Updated: 2001-02-11
  • Resolved: 2001-02-11
Description

Name: krC82822			Date: 02/09/2001


java version "1.3.0"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.3.0)
Java HotSpot(TM) Client VM (build 1.3.0, mixed mode)

JAAS should throw a FailedLoginException on authentication failure to
differentiate it from a general system error which must use a LoginException.
The current version of JAAS throws LoginException. Here is the stack trace:

javax.security.auth.login.LoginException: Login Failure: all modules ignored
        at javax.security.auth.login.LoginContext.invoke(LoginContext.java:699)
        at
javax.security.auth.login.LoginContext.access$000(LoginContext.java:125)
        at javax.security.auth.login.LoginContext$3.run(LoginContext.java:531)
        at java.security.AccessController.doPrivileged(Native Method)
        at
javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:528)
        at javax.security.auth.login.LoginContext.login(LoginContext.java:449)
        at
saecos.authentication.PasswordLoginModule.main(PasswordLoginModule.java:373)
(Review ID: 111253) 
======================================================================
Comments
EVALUATION 11 Feb 2001, kevin.ryan@eng -- user discovered this was not a bug, after all.
01-09-2004
WORK AROUND Name: krC82822 Date: 02/09/2001 None ======================================================================
01-09-2004