Bug
Resolution: Unresolved
P4
AuthenticationException is a subclass of NamingException which may be emitted by JNDI/LDAP when authenticating using the LdapLoginModule if wrong credentials are presented.
The exception may then be found in the cause chain of a javax.security.auth.login.FailedLoginException. That exception may in turn get serialized and sent over RMI (for instance, when using LDAP authentication to log in to a JMX server).
NamingException contains a `resolvedObj` field which, in the case of failed LDAP authentication, is populated with a non-serializable context.
Attempting to serialize and forward the FailedLoginException to the remote side then causes that exception to be substituted with a java.io.NotSerializableException, giving no clue to the caller that the issue is due to wrong credentials.