You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@activemq.apache.org by "Gary Tully (JIRA)" <ji...@apache.org> on 2011/02/16 16:50:57 UTC
[jira] Created: (AMQ-3182) JAAS PropertiesLoginModule does not
maintain internal validity state, so will commit in error after an invalid
login attempt
JAAS PropertiesLoginModule does not maintain internal validity state, so will commit in error after an invalid login attempt
----------------------------------------------------------------------------------------------------------------------------
Key: AMQ-3182
URL: https://issues.apache.org/jira/browse/AMQ-3182
Project: ActiveMQ
Issue Type: Bug
Components: Broker
Affects Versions: 5.4.2
Reporter: Gary Tully
Assignee: Gary Tully
Fix For: 5.5.0
Issue visible when using the JaasDualAuthenticationPlugin which uses two login modules. An failed login attempt as system (with wrong password) will still succeed with the guest module, but the principals should be restricted to the guest role. They are not as the failed system module still commits in error.
--
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Resolved: (AMQ-3182) JAAS PropertiesLoginModule does not
maintain internal validity state, so will commit in error after an invalid
login attempt
Posted by "Gary Tully (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/AMQ-3182?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Gary Tully resolved AMQ-3182.
-----------------------------
Resolution: Fixed
fix in http://svn.apache.org/viewvc?rev=1071301&view=rev
> JAAS PropertiesLoginModule does not maintain internal validity state, so will commit in error after an invalid login attempt
> ----------------------------------------------------------------------------------------------------------------------------
>
> Key: AMQ-3182
> URL: https://issues.apache.org/jira/browse/AMQ-3182
> Project: ActiveMQ
> Issue Type: Bug
> Components: Broker
> Affects Versions: 5.4.2
> Reporter: Gary Tully
> Assignee: Gary Tully
> Labels: Authentication, JAAS, security
> Fix For: 5.5.0
>
>
> Issue visible when using the JaasDualAuthenticationPlugin which uses two login modules. An failed login attempt as system (with wrong password) will still succeed with the guest module, but the principals should be restricted to the guest role. They are not as the failed system module still commits in error.
--
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira