You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cloudstack.apache.org by "Sangeetha Hariharan (JIRA)" <ji...@apache.org> on 2014/04/07 23:38:14 UTC
[jira] [Created] (CLOUDSTACK-6349) IAM - No error message presented
to the user , when invalid password is provided.
Sangeetha Hariharan created CLOUDSTACK-6349:
-----------------------------------------------
Summary: IAM - No error message presented to the user , when invalid password is provided.
Key: CLOUDSTACK-6349
URL: https://issues.apache.org/jira/browse/CLOUDSTACK-6349
Project: CloudStack
Issue Type: Bug
Security Level: Public (Anyone can view this level - this is the default.)
Components: Management Server
Affects Versions: 4.4.0
Environment: Build from 4.4.
Reporter: Sangeetha Hariharan
Priority: Critical
Fix For: 4.4.0
Try to log in as regular user , by providing invalid username/password.
User is not presented with any error message:
apilog.log:
2014-04-07 10:51:15,849 INFO [a.c.c.a.ApiServer] (catalina-exec-6:ctx-5511ac44) 10.215.3.0 -- POST command=login domain=/ unknown exception writing api response
Management server log:
2014-04-07 10:47:28,001 DEBUG [c.c.a.ApiServlet] (catalina-exec-3:ctx-845578ba) ===START=== 10.215.3.0 -- POST
2014-04-07 10:47:28,003 DEBUG [c.c.u.AccountManagerImpl] (catalina-exec-3:ctx-845578ba) Attempting to log in user: test in domain 1
2014-04-07 10:47:28,003 DEBUG [c.c.s.a.SHA256SaltedUserAuthenticator] (catalina-exec-3:ctx-845578ba) Retrieving user: test
2014-04-07 10:47:28,005 DEBUG [c.c.s.a.MD5UserAuthenticator] (catalina-exec-3:ctx-845578ba) Retrieving user: test
2014-04-07 10:47:28,009 DEBUG [c.c.s.a.MD5UserAuthenticator] (catalina-exec-3:ctx-845578ba) Password does not match
2014-04-07 10:47:28,012 DEBUG [c.c.s.a.PlainTextUserAuthenticator] (catalina-exec-3:ctx-845578ba) Retrieving user: test
2014-04-07 10:47:28,016 DEBUG [c.c.s.a.PlainTextUserAuthenticator] (catalina-exec-3:ctx-845578ba) Password does not match
2014-04-07 10:47:28,016 DEBUG [c.c.u.AccountManagerImpl] (catalina-exec-3:ctx-845578ba) Unable to authenticate user with username test in domain 1
2014-04-07 10:47:28,019 ERROR [c.c.a.ApiServlet] (catalina-exec-3:ctx-845578ba) unknown exception writing api response
com.cloud.exception.InvalidParameterValueException: Caller cannot be passed as NULL to IAM!
at org.apache.cloudstack.iam.RoleBasedEntityAccessChecker.checkAccess(RoleBasedEntityAccessChecker.java:67)
at com.cloud.user.AccountManagerImpl.isRootAdmin(AccountManagerImpl.java:371)
at com.cloud.user.AccountManagerImpl.isInternalAccount(AccountManagerImpl.java:420)
at com.cloud.user.AccountManagerImpl.getUserAccount(AccountManagerImpl.java:2045)
at com.cloud.user.AccountManagerImpl.authenticateUser(AccountManagerImpl.java:1871)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:601)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:317)
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:91)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
at $Proxy99.authenticateUser(Unknown Source)
at com.cloud.api.ApiServer.loginUser(ApiServer.java:850)
at com.cloud.api.ApiServlet.processRequestInContext(ApiServlet.java:231)
at com.cloud.api.ApiServlet.access$000(ApiServlet.java:54)
at com.cloud.api.ApiServlet$1.run(ApiServlet.java:118)
at org.apache.cloudstack.managed.context.impl.DefaultManagedContext$1.call(DefaultManagedContext.java:56)
at org.apache.cloudstack.managed.context.impl.DefaultManagedContext.callWithContext(DefaultManagedContext.java:103)
at org.apache.cloudstack.managed.context.impl.DefaultManagedContext.runWithContext(DefaultManagedContext.java:53)
at com.cloud.api.ApiServlet.processRequest(ApiServlet.java:115)
at com.cloud.api.ApiServlet.doPost(ApiServlet.java:82)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:555)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
at org.apache.coyote.http11.Http11NioProcessor.process(Http11NioProcessor.java:889)
at org.apache.coyote.http11.Http11NioProtocol$Http11ConnectionHandler.process(Http11NioProtocol.java:721)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:2274)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
at java.lang.Thread.run(Thread.java:722)
2014-04-07 10:47:28,020 DEBUG [c.c.a.ApiServlet] (catalina-exec-3:ctx-845578ba) ===END=== 10.215.3.0 -- POST
--
This message was sent by Atlassian JIRA
(v6.2#6252)