You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@servicemix.apache.org by "Freeman Fang (JIRA)" <ji...@apache.org> on 2010/01/23 03:14:43 UTC

[jira] Work started: (SMXCOMP-703) Servicemix CXF-BC component JbiJAASInterceptor should catch UndeclaredThrowableException

     [ https://issues.apache.org/activemq/browse/SMXCOMP-703?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Work on SMXCOMP-703 started by Freeman Fang.

> Servicemix CXF-BC component JbiJAASInterceptor should catch UndeclaredThrowableException
> ----------------------------------------------------------------------------------------
>
>                 Key: SMXCOMP-703
>                 URL: https://issues.apache.org/activemq/browse/SMXCOMP-703
>             Project: ServiceMix Components
>          Issue Type: Improvement
>          Components: servicemix-cxf-bc
>    Affects Versions: servicemix-cxf-bc-2009.02
>            Reporter: Joe Luo
>            Assignee: Freeman Fang
>         Attachments: smx-cxf-bc-patch.patch
>
>
> The ServiceMix CXF-BC component JbiJAASInterceptor calls authenticate() function on JAASAuthenticationService to authenticate user:
> {code}
> for (Iterator it = hr.getResults().iterator(); it.hasNext();) {
>     WSSecurityEngineResult er = (WSSecurityEngineResult) it.next();
>     if (er != null && er.getPrincipal() instanceof WSUsernameTokenPrincipal) {
>         WSUsernameTokenPrincipal p = (WSUsernameTokenPrincipal)er.getPrincipal();
>         subject.getPrincipals().add(p);
>         this.authenticationService.authenticate(subject, domain, p.getName(), p.getPassword());
>         authenticated = true;
>     }
> }
> {code}
> The function "authenticate(...)" might throw a FailedLoginException if a wrong password is supplied. Because the CXF-BC uses an invocation handler to invoke the method on a proxy instance, an UndeclaredThrowableException will be thrown and wraped with the FailedLoginException. Currently we do not catch the UndeclaredThrowableException and it caused the message of real exception to be lost. Instead, a very generic message such as 
> {code:xml}
> <soap:Fault><faultcode>soap:Server</faultcode><faultstring>Fault occurred while processing.</faultstring></soap:Fault>
> {code} 
> is always sent back. It is definitely is not intuitive for the client side to find out what could be wrong.
> By catching the UndeclaredThrowableException and retrieving the wrapped exception, we would get Soap Fault like:
> {code:xml}
> <soap:Fault><faultcode>soap:Server</faultcode><faultstring>Password does not match</faultstring></soap:Fault>
> {code}

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.