You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@activemq.apache.org by "Gary Tully (JIRA)" <ji...@apache.org> on 2011/02/16 16:50:57 UTC

[jira] Created: (AMQ-3182) JAAS PropertiesLoginModule does not maintain internal validity state, so will commit in error after an invalid login attempt

JAAS PropertiesLoginModule does not maintain internal validity state, so will commit in error after an invalid login attempt
----------------------------------------------------------------------------------------------------------------------------

                 Key: AMQ-3182
                 URL: https://issues.apache.org/jira/browse/AMQ-3182
             Project: ActiveMQ
          Issue Type: Bug
          Components: Broker
    Affects Versions: 5.4.2
            Reporter: Gary Tully
            Assignee: Gary Tully
             Fix For: 5.5.0


Issue visible when using the JaasDualAuthenticationPlugin which uses two login modules. An failed login attempt as system (with wrong password) will still succeed with the guest module, but the principals should be restricted to the guest role. They are not as the failed system module still commits in error.

-- 
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] Resolved: (AMQ-3182) JAAS PropertiesLoginModule does not maintain internal validity state, so will commit in error after an invalid login attempt

Posted by "Gary Tully (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/AMQ-3182?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Gary Tully resolved AMQ-3182.
-----------------------------

    Resolution: Fixed

fix in http://svn.apache.org/viewvc?rev=1071301&view=rev

> JAAS PropertiesLoginModule does not maintain internal validity state, so will commit in error after an invalid login attempt
> ----------------------------------------------------------------------------------------------------------------------------
>
>                 Key: AMQ-3182
>                 URL: https://issues.apache.org/jira/browse/AMQ-3182
>             Project: ActiveMQ
>          Issue Type: Bug
>          Components: Broker
>    Affects Versions: 5.4.2
>            Reporter: Gary Tully
>            Assignee: Gary Tully
>              Labels: Authentication, JAAS, security
>             Fix For: 5.5.0
>
>
> Issue visible when using the JaasDualAuthenticationPlugin which uses two login modules. An failed login attempt as system (with wrong password) will still succeed with the guest module, but the principals should be restricted to the guest role. They are not as the failed system module still commits in error.

-- 
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira