RFR: 8215916: The failure reason of an optional JAAS LoginModule is not logged [v2]

Jayashree Huttanagoudar duke at openjdk.org
Wed Aug 3 06:52:55 UTC 2022


On Sat, 16 Jul 2022 13:32:44 GMT, Weijun Wang <weijun at openjdk.org> wrote:

>> Jayashree Huttanagoudar has updated the pull request incrementally with one additional commit since the last revision:
>> 
>>   Add test case to verify the patch
>
> There are quite some JAAS tests inside `test/jdk/javax/security/auth/login` where you can copy. The one you found has a very old copyright header and invalid format (like trailing spaces...). Also, I don't think it's worth implementing a new principal and a new login module. You can just using the out-of-box UnixLoginModule and NTLoginModule.

@wangweij I am trying to make use of UnixLoginModule with the new test case added with latest commit.
Looks like it turns out to be a positive test case without injecting some wrong `uid` or `gid` etc.
I tried to explore how we can programmatically induce a wrong `uid` or `gid` so that the stack trace which is expected to be printed when wrong credentials are fed.
Honestly I spent good amount of time and not getting how to get this test case into proper shape?
Could you please help?

-------------

PR: https://git.openjdk.org/jdk/pull/9159


More information about the security-dev mailing list