You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@shiro.apache.org by "Sven Ad (JIRA)" <ji...@apache.org> on 2013/11/13 22:11:20 UTC

[jira] [Comment Edited] (SHIRO-467) Authentication exception gets swallowed

    [ https://issues.apache.org/jira/browse/SHIRO-467?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13821835#comment-13821835 ] 

Sven Ad edited comment on SHIRO-467 at 11/13/13 9:09 PM:
---------------------------------------------------------

Warn logging is missing for the case that there is an exception thrown, that is not an AuthenticationException. 
Information is only passed to the AuthenticationListeners. Therefore it might be a good idea to add logging on warn level as is stated in the comments.
The patch includes a logging statement for the thrown exception and a jUnit test.


was (Author: sven.ad):
A warn logging is missing for the case that there is an exception thrown, that is not an AuthenticationException. 
Information is only passed to the AuthenticationListeners. Therefore it might be a good idea to at logging on warn level as is stated in the comments.
The patch includes a logging statement for the thrown exception and a jUnit test.

> Authentication exception gets swallowed
> ---------------------------------------
>
>                 Key: SHIRO-467
>                 URL: https://issues.apache.org/jira/browse/SHIRO-467
>             Project: Shiro
>          Issue Type: Bug
>          Components: Authentication (log-in)
>    Affects Versions: 1.2.1
>            Reporter: Wouter de Vaal
>         Attachments: shiro-467.patch
>
>
> We extend from AuthorizingRealm and when we have a bug in our implementation, the exception gets swallowed by AbstractAuthenticator. 
> A comment in the code mentions it needs a warn log, but no such statement is present:
>             if (ae == null) {
>                 //Exception thrown was not an expected AuthenticationException.  Therefore it is probably a little more
>                 //severe or unexpected.  So, wrap in an AuthenticationException, log to warn, and propagate:
>                 String msg = "Authentication failed for token submission [" + token + "].  Possible unexpected " +
>                         "error? (Typical or expected login exceptions should extend from AuthenticationException).";
>                 ae = new AuthenticationException(msg, t);
>             }



--
This message was sent by Atlassian JIRA
(v6.1#6144)