- Type: Bug
- Resolution: Unresolved
- Priority: P4
- Affects Version/s: 23
- Component/s: core-libs
AuthenticationException is a subclass of NamingException which may be emitted by JNDI/LDAP when authenticating using the LdapLoginModule if wrong credentials are presented.
The exception may then be found in the cause chain of a javax.security.auth.login.FailedLoginException. That exception may in turn get serialized and sent over RMI (for instance, when using LDAP authentication to log in to a JMX server).
NamingException contains a `resolvedObj` field which, in the case of failed LDAP authentication, is populated with a non-serializable context.
Attempting to serialize and forward the FailedLoginException to the remote side then causes that exception to be substituted with a java.io.NotSerializableException, giving no clue to the caller that the issue is due to wrong credentials.
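The following is an added example, not code from the JDK or from this report. It reproduces the failure mode described above with a constructed stand-in for the LDAP context, and shows one possible workaround (an assumption, not the project's fix): clearing `resolvedObj` on every NamingException in the cause chain before the exception is serialized. The class names `ResolvedObjSerializationDemo` and `FakeLdapContext` and the exception messages are hypothetical.

```java
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.ObjectOutputStream;
import javax.naming.AuthenticationException;
import javax.naming.NamingException;
import javax.security.auth.login.FailedLoginException;

public class ResolvedObjSerializationDemo {
    // Constructed stand-in for the non-serializable context left in resolvedObj.
    static final class FakeLdapContext { }

    // Builds the cause chain from the report: FailedLoginException -> AuthenticationException.
    static FailedLoginException failedLogin() {
        AuthenticationException ae = new AuthenticationException("invalid credentials (constructed)");
        ae.setResolvedObj(new FakeLdapContext());
        FailedLoginException fle = new FailedLoginException("LDAP bind failed (constructed)");
        fle.initCause(ae);
        return fle;
    }

    // Serializes t the way a remote transport would; returns null on success,
    // otherwise the IOException that replaced the original exception.
    static IOException trySerialize(Throwable t) {
        try (ObjectOutputStream out = new ObjectOutputStream(new ByteArrayOutputStream())) {
            out.writeObject(t);
            return null;
        } catch (IOException e) {
            return e;
        }
    }

    // Assumed workaround: drop resolvedObj from each NamingException in the chain
    // so the authentication failure itself survives serialization.
    static void scrub(Throwable t) {
        for (Throwable c = t; c != null; c = c.getCause()) {
            if (c instanceof NamingException) {
                ((NamingException) c).setResolvedObj(null);
            }
        }
    }

    public static void main(String[] args) {
        FailedLoginException fle = failedLogin();
        System.out.println("before scrub: " + trySerialize(fle));
        scrub(fle);
        System.out.println("after scrub:  " + trySerialize(fle));
    }
}
```

A non-null result from the first `trySerialize` call is the NotSerializableException that the remote caller would see in place of the FailedLoginException.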