You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@shiro.apache.org by "Wouter de Vaal (JIRA)" <ji...@apache.org> on 2013/10/23 09:07:45 UTC

[jira] [Created] (SHIRO-467) Authentication exception gets swallowed

Wouter de Vaal created SHIRO-467:
------------------------------------

             Summary: Authentication exception gets swallowed
                 Key: SHIRO-467
                 URL: https://issues.apache.org/jira/browse/SHIRO-467
             Project: Shiro
          Issue Type: Bug
          Components: Authentication (log-in)
    Affects Versions: 1.2.1
            Reporter: Wouter de Vaal


We extend from AuthorizingRealm and when we have a bug in our implementation, the exception gets swallowed by AbstractAuthenticator. 

A comment in the code mentions it needs a warn log, but no such statement is present:

            if (ae == null) {
                //Exception thrown was not an expected AuthenticationException.  Therefore it is probably a little more
                //severe or unexpected.  So, wrap in an AuthenticationException, log to warn, and propagate:
                String msg = "Authentication failed for token submission [" + token + "].  Possible unexpected " +
                        "error? (Typical or expected login exceptions should extend from AuthenticationException).";
                ae = new AuthenticationException(msg, t);
            }



--
This message was sent by Atlassian JIRA
(v6.1#6144)