RFR: 8215916: The failure reason of an optional JAAS LoginModule is not logged
Weijun Wang
weijun at openjdk.org
Wed Jun 22 15:12:56 UTC 2022
On Wed, 22 Jun 2022 14:12:34 GMT, Jayashree Huttanagoudar <duke at openjdk.org> wrote:
>> I have the same suggestion as Sean. In JAAS, login could succeed even if one optional LoginModule failed, and in this case the reason for that failure is lost (even with your current fix). Logging it somewhere might help developer understand why it happened.
>
> Thanks you both for taking a look at this PR.
> I will investigate further for suitable suggested changes.
> Could you please suggest me how I can quickly check whether the changes I made are reflecting properly as expected ?
There are several builtin `LoginModule` implementations inside OpenJDK. For example, you can configure both `NTLoginModule` and `UnixLoginModule` as OPTIONAL in your JAAS login configuration file. No matter if you run on Windows or Linux, one will succeed and one will fail but overall the login will succeed. You can set `-Djava.security.debug=logincontext` to see if there is information on the failed one.
-------------
PR: https://git.openjdk.org/jdk/pull/9159
More information about the security-dev
mailing list