Details

    • Type: Bug Bug
    • Status: Resolved
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: V3
    • Fix Version/s: 9.1peur1
    • Component/s: security
    • Labels:
      None
    • Environment:

      Operating System: All
      Platform: All

    • Issuezilla Id:
      3,755
    • Status Whiteboard:
      Hide

      91ur1Approved

      Show
      91ur1Approved

      Description

      Getting a JDBCRealm setup is difficult enough.

      JDBCRealm.java does this when it FAILS to authenticate a user:

      1) it catches a SQLException which has the EXACT PROBLEM DESCRIPTION in it.
      2) If logging >= INFO, then this vital information is thrown away in preference
      to a generic and useless message about authentication failing.
      3) if logging < INFO then the caller gets the SQLException message

      here is the code where this happens:

      } catch(Exception ex) {
      _logger.log(Level.SEVERE, "jdbcrealm.invaliduser", user);
      if (_logger.isLoggable(Level.FINE)) {
      _logger.log(Level.FINE, "Cannot validate user", ex);

        Activity

        Hide
        raharsha added a comment -

        Probable fix is to change the log level for this message to WARNING.

        Show
        raharsha added a comment - Probable fix is to change the log level for this message to WARNING.
        Hide
        basler added a comment -

        Approved for check into the SJSAS91_UR1_BRANCH

        Show
        basler added a comment - Approved for check into the SJSAS91_UR1_BRANCH
        Hide
        raharsha added a comment -

        Checking in
        src/java/com/sun/logging/enterprise/system/core/security/LogStrings.properties;
        /cvs/glassfish/appserv-commons/src/java/com/sun/logging/enterprise/system/core/security/LogStrings.properties,v
        <-- LogStrings.properties
        new revision: 1.16.10.1; previous revision: 1.16
        done
        Checking in src/java/com/sun/enterprise/security/auth/realm/jdbc/JDBCRealm.java;
        /cvs/glassfish/appserv-core/src/java/com/sun/enterprise/security/auth/realm/jdbc/JDBCRealm.java,v
        <-- JDBCRealm.java
        new revision: 1.4.8.1; previous revision: 1.4
        done

        Show
        raharsha added a comment - Checking in src/java/com/sun/logging/enterprise/system/core/security/LogStrings.properties; /cvs/glassfish/appserv-commons/src/java/com/sun/logging/enterprise/system/core/security/LogStrings.properties,v <-- LogStrings.properties new revision: 1.16.10.1; previous revision: 1.16 done Checking in src/java/com/sun/enterprise/security/auth/realm/jdbc/JDBCRealm.java; /cvs/glassfish/appserv-core/src/java/com/sun/enterprise/security/auth/realm/jdbc/JDBCRealm.java,v <-- JDBCRealm.java new revision: 1.4.8.1; previous revision: 1.4 done

          People

          • Assignee:
            raharsha
            Reporter:
            Byron Nevins
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: