You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@servicemix.apache.org by "Freeman Fang (JIRA)" <ji...@apache.org> on 2010/01/23 04:36:44 UTC

[jira] Resolved: (SMXCOMP-703) Servicemix CXF-BC component JbiJAASInterceptor should catch UndeclaredThrowableException

     [ https://issues.apache.org/activemq/browse/SMXCOMP-703?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Freeman Fang resolved SMXCOMP-703.
----------------------------------

       Resolution: Fixed
    Fix Version/s: servicemix-cxf-bc-2010.01

apply patch on behalf of Joe Luo with thanks
http://svn.apache.org/viewvc?rev=902336&view=rev
also add test to verify we can get expected exception now
http://svn.apache.org/viewvc?rev=902337&view=rev

> Servicemix CXF-BC component JbiJAASInterceptor should catch UndeclaredThrowableException
> ----------------------------------------------------------------------------------------
>
>                 Key: SMXCOMP-703
>                 URL: https://issues.apache.org/activemq/browse/SMXCOMP-703
>             Project: ServiceMix Components
>          Issue Type: Improvement
>          Components: servicemix-cxf-bc
>    Affects Versions: servicemix-cxf-bc-2009.02
>            Reporter: Joe Luo
>            Assignee: Freeman Fang
>             Fix For: servicemix-cxf-bc-2010.01
>
>         Attachments: smx-cxf-bc-patch.patch
>
>
> The ServiceMix CXF-BC component JbiJAASInterceptor calls authenticate() function on JAASAuthenticationService to authenticate user:
> {code}
> for (Iterator it = hr.getResults().iterator(); it.hasNext();) {
>     WSSecurityEngineResult er = (WSSecurityEngineResult) it.next();
>     if (er != null && er.getPrincipal() instanceof WSUsernameTokenPrincipal) {
>         WSUsernameTokenPrincipal p = (WSUsernameTokenPrincipal)er.getPrincipal();
>         subject.getPrincipals().add(p);
>         this.authenticationService.authenticate(subject, domain, p.getName(), p.getPassword());
>         authenticated = true;
>     }
> }
> {code}
> The function "authenticate(...)" might throw a FailedLoginException if a wrong password is supplied. Because the CXF-BC uses an invocation handler to invoke the method on a proxy instance, an UndeclaredThrowableException will be thrown and wraped with the FailedLoginException. Currently we do not catch the UndeclaredThrowableException and it caused the message of real exception to be lost. Instead, a very generic message such as 
> {code:xml}
> <soap:Fault><faultcode>soap:Server</faultcode><faultstring>Fault occurred while processing.</faultstring></soap:Fault>
> {code} 
> is always sent back. It is definitely is not intuitive for the client side to find out what could be wrong.
> By catching the UndeclaredThrowableException and retrieving the wrapped exception, we would get Soap Fault like:
> {code:xml}
> <soap:Fault><faultcode>soap:Server</faultcode><faultstring>Password does not match</faultstring></soap:Fault>
> {code}

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.