[GLASSFISH-396] Cleanup the LoginException/ProgrammaticLogin API Created: 13/Mar/06  Updated: 06/Mar/12

Status: Open
Project: glassfish
Component/s: security
Affects Version/s: 9.0pe
Fix Version/s: not determined

Type: Improvement Priority: Minor
Reporter: ahshishs Assignee: rameshm
Resolution: Unresolved Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

Operating System: All
Platform: All


Issuezilla Id: 396

 Description   

1. Some methods in ProgrammaticLogin public API throw java.lang.Exception
The exception should be changed to more narrow and specific subclass

2. LoginContextDriver methods throw com.sun.enterprise.security.LoginException
See if this can be changed to javax.security.auth.login.LoginException

3. com.sun.enterprise.security.LoginException extends java.lang.RuntimeException
(via java.lang.SecurityException) - which means this exception can go uncaught
at compile-time.



 Comments   
Comment by Shing Wai Chan [ 18/Dec/06 ]

reassign to Bobby

Comment by Bobby Bissett [ 01/Jun/07 ]

Assigning to Ramesh for new subcomponent owner.

Comment by Tom Mueller [ 06/Mar/12 ]

Bulk update to change fix version to "not determined" for all issues still open but with a fix version for a released version.





[GLASSFISH-2862] admin-realm with ldaps requires cert in multiple keystores Created: 18/Apr/07  Updated: 06/Mar/12

Status: Open
Project: glassfish
Component/s: security
Affects Version/s: 9.1pe
Fix Version/s: not determined

Type: Improvement Priority: Minor
Reporter: sarnoth Assignee: rameshm
Resolution: Unresolved Votes: 1
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

Operating System: Linux
Platform: Linux


Issuezilla Id: 2,862

 Description   

I configured the security realm "admin-realm" to use LDAP with a secure URL
(ldaps) so that users in my organization can authenticate as themselves when
starting, stopping, and administering the domain. Our LDAP server has a self
signed cert so I had to install this in the cacerts file to make it all work.
First I tried putting this in cacerts.jks in the domain. When I did this I was
unable to start the domain because the authenticate done by the "asadmin
start-domain" command does not use this file. Next I tried putting it in the
JRE's cacerts file. With it in only this location I was able to start the domain
but I was not able to log in. Once the domain was started it was looking for the
cert in cacerts.jks to make its connection with the LDAP server. I had to put
the cert in both files to make it all work. This doesn't seem proper to me and
certainly is not desirable from a maintenance point of view. It seems logical
that the "asadmin start-domain" command should use the domain's configuration to
do authentication and that includes the cacerts.jks file.



 Comments   
Comment by Shing Wai Chan [ 18/Apr/07 ]

fixing CR 6517867 should resolve this one, too. Assign to Bobby as he is looking
at the above CR.

Comment by Bobby Bissett [ 01/Jun/07 ]

Assigning to Ramesh for new subcomponent owner.

Comment by sarnoth [ 03/Oct/07 ]
      • Issue 2862 has been confirmed by votes. ***
Comment by Tom Mueller [ 06/Mar/12 ]

Bulk update to change fix version to "not determined" for all issues still open but with a fix version for a released version.





Generated at Mon Apr 27 09:19:09 UTC 2015 using JIRA 6.2.3#6260-sha1:63ef1d6dac3f4f4d7db4c1effd405ba38ccdc558.