[
https://issues.apache.org/jira/browse/OFBIZ-6721?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15005621#comment-15005621
]
Forrest Rae commented on OFBIZ-6721:
------------------------------------
Thanks Jacques, I'll take some time in the next month or so to improve the
password checking code a bit in trunk, and put in support for PBKDF2 with
rolling password hash upgrades for posix style password storage.
> org.ofbiz.common.login.LoginServices.userLogin causes stack track when
> username or password is incorrect
> --------------------------------------------------------------------------------------------------------
>
> Key: OFBIZ-6721
> URL: https://issues.apache.org/jira/browse/OFBIZ-6721
> Project: OFBiz
> Issue Type: Improvement
> Components: commonext/setup
> Affects Versions: Release Branch 11.04, Release Branch 12.04, Release
> Branch 13.07, Release Branch 14.12, Trunk
> Reporter: Forrest Rae
> Assignee: Jacques Le Roux
> Priority: Trivial
> Labels: log, test-failure
> Fix For: 14.12.01, 12.04.06, 13.07.03, Upcoming Branch
>
> Attachments: OFBIZ-6721.patch
>
>
> org.ofbiz.common.login.LoginServices.userLogin is returning ERROR when a
> username or password is incorrect. It should return FAILURE instead of
> error. The error causes stack track to be printed to the log. The stack
> trace makes watching the log for actual errors difficult. This is especially
> hard when running and analyzing the log after a full test run, of in my case,
> a custom set of test cases.
> Stack trace:
> [java] 2015-11-12 16:35:00,412 |ajp-bio-8009-exec-7 |LoginWorker
> |I| Setting default delegator
> [java] 2015-11-12 16:35:00,413 |ajp-bio-8009-exec-7 |LoginServices
> |I| [LoginServices.userLogin] : Password Incorrect
> [java] 2015-11-12 16:35:00,420 |ajp-bio-8009-exec-7 |ServiceDispatcher
> |E| Error in Service [userLogin]: Password incorrect.
> [java] 2015-11-12 16:35:00,420 |ajp-bio-8009-exec-7 |TransactionUtil
> |E| [TransactionUtil.rollback]
> [java] java.lang.Exception: Stack Trace
> [java] at
> org.ofbiz.entity.transaction.TransactionUtil.rollback(TransactionUtil.java:322)
> [ofbiz-entity.jar:?]
> [java] at
> org.ofbiz.entity.transaction.TransactionUtil.rollback(TransactionUtil.java:299)
> [ofbiz-entity.jar:?]
> [java] at
> org.ofbiz.service.ServiceDispatcher.runSync(ServiceDispatcher.java:534)
> [ofbiz-service.jar:?]
> [java] at
> org.ofbiz.service.ServiceDispatcher.runSync(ServiceDispatcher.java:227)
> [ofbiz-service.jar:?]
> [java] at
> org.ofbiz.service.GenericDispatcherFactory$GenericDispatcher.runSync(GenericDispatcherFactory.java:88)
> [ofbiz-service.jar:?]
> [java] at
> org.ofbiz.webapp.control.LoginWorker.login(LoginWorker.java:488)
> [ofbiz-webapp.jar:?]
> [java] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> ~[?:1.8.0_60]
> [java] at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> ~[?:1.8.0_60]
> [java] at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> ~[?:1.8.0_60]
> [java] at java.lang.reflect.Method.invoke(Method.java:497)
> ~[?:1.8.0_60]
> [java] at
> org.ofbiz.webapp.event.JavaEventHandler.invoke(JavaEventHandler.java:92)
> [ofbiz-webapp.jar:?]
> [java] at
> org.ofbiz.webapp.event.JavaEventHandler.invoke(JavaEventHandler.java:78)
> [ofbiz-webapp.jar:?]
> [java] at
> org.ofbiz.webapp.control.RequestHandler.runEvent(RequestHandler.java:759)
> [ofbiz-webapp.jar:?]
> [java] at
> org.ofbiz.webapp.control.RequestHandler.doRequest(RequestHandler.java:476)
> [ofbiz-webapp.jar:?]
> [java] at
> org.ofbiz.webapp.control.ControlServlet.doGet(ControlServlet.java:213)
> [ofbiz-webapp.jar:?]
> [java] at
> org.ofbiz.webapp.control.ControlServlet.doPost(ControlServlet.java:88)
> [ofbiz-webapp.jar:?]
> [java] at javax.servlet.http.HttpServlet.service(HttpServlet.java:646)
> [servlet-api-3.0.jar:?]
> [java] at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
> [servlet-api-3.0.jar:?]
> [java] at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
> [tomcat-7.0.64-catalina.jar:7.0.64]
> [java] at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
> [tomcat-7.0.64-catalina.jar:7.0.64]
> [java] at
> org.ofbiz.webapp.control.ContextFilter.doFilter(ContextFilter.java:323)
> [ofbiz-webapp.jar:?]
> [java] at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
> [tomcat-7.0.64-catalina.jar:7.0.64]
> [java] at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
> [tomcat-7.0.64-catalina.jar:7.0.64]
> [java] at
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
> [tomcat-7.0.64-catalina.jar:7.0.64]
> [java] at
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
> [tomcat-7.0.64-catalina.jar:7.0.64]
> [java] at
> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:505)
> [tomcat-7.0.64-catalina.jar:7.0.64]
> [java] at
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170)
> [tomcat-7.0.64-catalina.jar:7.0.64]
> [java] at
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
> [tomcat-7.0.64-catalina.jar:7.0.64]
> [java] at
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
> [tomcat-7.0.64-catalina.jar:7.0.64]
> [java] at
> org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:956)
> [tomcat-7.0.64-catalina.jar:7.0.64]
> [java] at
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:423)
> [tomcat-7.0.64-catalina.jar:7.0.64]
> [java] at
> org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:190)
> [tomcat-7.0.64-tomcat-coyote.jar:7.0.64]
> [java] at
> org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:625)
> [tomcat-7.0.64-tomcat-coyote.jar:7.0.64]
> [java] at
> org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:316)
> [tomcat-7.0.64-tomcat-coyote.jar:7.0.64]
> [java] at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> [?:1.8.0_60]
> [java] at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> [?:1.8.0_60]
> [java] at
> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
> [tomcat-7.0.64-tomcat-coyote.jar:7.0.64]
> [java] at java.lang.Thread.run(Thread.java:745) [?:1.8.0_60]
> [java] 2015-11-12 16:35:00,420 |ajp-bio-8009-exec-7 |TransactionUtil
> |I| Transaction rolled back
> [java] 2015-11-12 16:35:00,421 |ajp-bio-8009-exec-7 |ServiceDispatcher
> |T| Sync service [webtools/userLogin] finished in [9] milliseconds
> [java] 2015-11-12 16:35:00,421 |ajp-bio-8009-exec-7 |RequestHandler
> |I| Ran Event [java:org.ofbiz.webapp.control.LoginWorker#login] from
> [request], result is [error]
> [java] 2015-11-12 16:35:00,421 |ajp-bio-8009-exec-7 |RequestHandler
> |E| Request login caused an error with the following message: following
> error occurred during login: Password incorrect.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
