RFR: 8215916: The failure reason of an optional JAAS LoginModule is not logged
Jayashree Huttanagoudar
duke at openjdk.org
Thu Jul 7 10:20:43 UTC 2022
On Tue, 14 Jun 2022 19:07:24 GMT, Jayashree Huttanagoudar <duke at openjdk.org> wrote:
> Could you please review the changes?
> This patch is to address: https://bugs.openjdk.org/browse/JDK-8215916?jql=labels%20%3D%20starter-bug
I verified the changes with the sample example here: https://web.mit.edu/java_v1.5.0_22/distrib/share/docs/guide/security/jaas/tutorials/GeneralAcnOnly.html, before and after the patch.
Results are below:
Before Patch:
# ./build/linux-x86_64-server-release/images/jdk/bin/javac sample/SampleAcn.java sample/module/SampleLoginModule.java sample/principal/SamplePrincipal.java
# ./build/linux-x86_64-server-release/images/jdk/bin/java -Djava.security.auth.login.config==sample_jaas.config -Djava.security.debug=logincontext sample.SampleAcn
[LoginContext]: Build ServiceProviders cache for ClassLoader: app
[LoginContext]: Discovered ServiceProviders for ClassLoader: app
java.util.ServiceLoader$ProviderImpl@d5ed6ed
java.util.ServiceLoader$ProviderImpl@15a76bb1
java.util.ServiceLoader$ProviderImpl@307eace9
java.util.ServiceLoader$ProviderImpl@f50ec023
java.util.ServiceLoader$ProviderImpl@fdf98634
java.util.ServiceLoader$ProviderImpl@c2632fde
java.util.ServiceLoader$ProviderImpl@994f9a60
[LoginContext]: sample.module.SampleLoginModule loaded via reflection
user name: testUser
password: test
[SampleLoginModule] user entered user name: testUser
[SampleLoginModule] user entered password: test
[SampleLoginModule] authentication failed
[LoginContext]: login OPTIONAL failure
[LoginContext]: abort ignored
Authentication failed:
Password Incorrect
user name: test
password: testPassword
[SampleLoginModule] user entered user name: test
[SampleLoginModule] user entered password: testPassword
[SampleLoginModule] authentication failed
[LoginContext]: login OPTIONAL failure
[LoginContext]: abort ignored
Authentication failed:
User Name Incorrect
user name: testUser
password: test
[SampleLoginModule] user entered user name: testUser
[SampleLoginModule] user entered password: test
[SampleLoginModule] authentication failed
[LoginContext]: login OPTIONAL failure
[LoginContext]: abort ignored
Authentication failed:
Password Incorrect
Sorry
After Patch:
# ./build/linux-x86_64-server-release/images/jdk/bin/javac sample/SampleAcn.java sample/module/SampleLoginModule.java sample/principal/SamplePrincipal.java
# ./build/linux-x86_64-server-release/images/jdk/bin/java -Djava.security.auth.login.config==sample_jaas.config -Djava.security.debug=logincontext sample.SampleAcn
[LoginContext]: Build ServiceProviders cache for ClassLoader: app
[LoginContext]: Discovered ServiceProviders for ClassLoader: app
java.util.ServiceLoader$ProviderImpl@8533fe57
java.util.ServiceLoader$ProviderImpl@1718814c
java.util.ServiceLoader$ProviderImpl@49c41191
java.util.ServiceLoader$ProviderImpl@55608305
java.util.ServiceLoader$ProviderImpl@ee04ebce
java.util.ServiceLoader$ProviderImpl@52aed7a2
java.util.ServiceLoader$ProviderImpl@6214285b
[LoginContext]: sample.module.SampleLoginModule loaded via reflection
user name: test
password: testPassword
[SampleLoginModule] user entered user name: test
[SampleLoginModule] user entered password: testPassword
[SampleLoginModule] authentication failed
[LoginContext]: login OPTIONAL failure
[LoginContext]: abort ignored
Authentication failed:
javax.security.auth.login.FailedLoginException: User Name Incorrect
at sample.module.SampleLoginModule.login(SampleLoginModule.java:214)
at java.base/javax.security.auth.login.LoginContext.invoke(LoginContext.java:755)
at java.base/javax.security.auth.login.LoginContext$4.run(LoginContext.java:679)
at java.base/javax.security.auth.login.LoginContext$4.run(LoginContext.java:677)
at java.base/java.security.AccessController.doPrivileged(AccessController.java:712)
at java.base/javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:677)
at java.base/javax.security.auth.login.LoginContext.login(LoginContext.java:587)
at sample.SampleAcn.main(SampleAcn.java:87)
user name: testUser
password: test
[SampleLoginModule] user entered user name: testUser
[SampleLoginModule] user entered password: test
[SampleLoginModule] authentication failed
[LoginContext]: login OPTIONAL failure
[LoginContext]: abort ignored
Authentication failed:
javax.security.auth.login.FailedLoginException: Password Incorrect
at sample.module.SampleLoginModule.login(SampleLoginModule.java:216)
at java.base/javax.security.auth.login.LoginContext.invoke(LoginContext.java:755)
at java.base/javax.security.auth.login.LoginContext$4.run(LoginContext.java:679)
at java.base/javax.security.auth.login.LoginContext$4.run(LoginContext.java:677)
at java.base/java.security.AccessController.doPrivileged(AccessController.java:712)
at java.base/javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:677)
at java.base/javax.security.auth.login.LoginContext.login(LoginContext.java:587)
at sample.SampleAcn.main(SampleAcn.java:87)
user name: test
password: test
[SampleLoginModule] user entered user name: test
[SampleLoginModule] user entered password: test
[SampleLoginModule] authentication failed
[LoginContext]: login OPTIONAL failure
[LoginContext]: abort ignored
Authentication failed:
javax.security.auth.login.FailedLoginException: User Name Incorrect
at sample.module.SampleLoginModule.login(SampleLoginModule.java:214)
at java.base/javax.security.auth.login.LoginContext.invoke(LoginContext.java:755)
at java.base/javax.security.auth.login.LoginContext$4.run(LoginContext.java:679)
at java.base/javax.security.auth.login.LoginContext$4.run(LoginContext.java:677)
at java.base/java.security.AccessController.doPrivileged(AccessController.java:712)
at java.base/javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:677)
at java.base/javax.security.auth.login.LoginContext.login(LoginContext.java:587)
at sample.SampleAcn.main(SampleAcn.java:87)
Sorry
After the patch it is printing the stack trace.
-------------
PR: https://git.openjdk.org/jdk/pull/9159