[jira] Issue Comment Edited: (SMXCOMP-703) Servicemix CXF-BC component JbiJAASInterceptor should catch UndeclaredThrowableException

Sat, 23 Jan 2010 03:30:13 -0800 

    [ 
https://issues.apache.org/activemq/browse/SMXCOMP-703?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=57075#action_57075
 ] 

Freeman Fang edited comment on SMXCOMP-703 at 1/23/10 11:28 AM:
----------------------------------------------------------------

apply patch on behalf of Joe Luo with thanks
http://svn.apache.org/viewvc?rev=902336&view=rev
also add test to verify we can get expected exception now
http://svn.apache.org/viewvc?rev=902337&view=rev
http://svn.apache.org/viewvc?rev=902346&view=rev

      was (Author: ffang):
    apply patch on behalf of Joe Luo with thanks
http://svn.apache.org/viewvc?rev=902336&view=rev
also add test to verify we can get expected exception now
http://svn.apache.org/viewvc?rev=902337&view=rev
  
> Servicemix CXF-BC component JbiJAASInterceptor should catch 
> UndeclaredThrowableException
> ----------------------------------------------------------------------------------------
>
>                 Key: SMXCOMP-703
>                 URL: https://issues.apache.org/activemq/browse/SMXCOMP-703
>             Project: ServiceMix Components
>          Issue Type: Improvement
>          Components: servicemix-cxf-bc
>    Affects Versions: servicemix-cxf-bc-2009.02
>            Reporter: Joe Luo
>            Assignee: Freeman Fang
>             Fix For: servicemix-cxf-bc-2010.01
>
>         Attachments: smx-cxf-bc-patch.patch
>
>
> The ServiceMix CXF-BC component JbiJAASInterceptor calls authenticate() 
> function on JAASAuthenticationService to authenticate user:
> {code}
> for (Iterator it = hr.getResults().iterator(); it.hasNext();) {
>     WSSecurityEngineResult er = (WSSecurityEngineResult) it.next();
>     if (er != null && er.getPrincipal() instanceof WSUsernameTokenPrincipal) {
>         WSUsernameTokenPrincipal p = 
> (WSUsernameTokenPrincipal)er.getPrincipal();
>         subject.getPrincipals().add(p);
>         this.authenticationService.authenticate(subject, domain, p.getName(), 
> p.getPassword());
>         authenticated = true;
>     }
> }
> {code}
> The function "authenticate(...)" might throw a FailedLoginException if a 
> wrong password is supplied. Because the CXF-BC uses an invocation handler to 
> invoke the method on a proxy instance, an UndeclaredThrowableException will 
> be thrown and wraped with the FailedLoginException. Currently we do not catch 
> the UndeclaredThrowableException and it caused the message of real exception 
> to be lost. Instead, a very generic message such as 
> {code:xml}
> <soap:Fault><faultcode>soap:Server</faultcode><faultstring>Fault occurred 
> while processing.</faultstring></soap:Fault>
> {code} 
> is always sent back. It is definitely is not intuitive for the client side to 
> find out what could be wrong.
> By catching the UndeclaredThrowableException and retrieving the wrapped 
> exception, we would get Soap Fault like:
> {code:xml}
> <soap:Fault><faultcode>soap:Server</faultcode><faultstring>Password does not 
> match</faultstring></soap:Fault>
> {code}

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply via email to