cxf-issues mailing list archives

From "Aki Yoshida (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (CXF-3655) Role based authorization not working with DefaultSecurityContext (i.e., when using JAASLoginInterceptor with non-prefixed role names)
Date Fri, 15 Jul 2011 13:32:00 GMT

     [ https://issues.apache.org/jira/browse/CXF-3655?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Aki Yoshida resolved CXF-3655.
------------------------------

    Resolution: Fixed

> Role based authorization not working with DefaultSecurityContext (i.e., when using JAASLoginInterceptor with non-prefixed role names)
> -------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: CXF-3655
>                 URL: https://issues.apache.org/jira/browse/CXF-3655
>             Project: CXF
>          Issue Type: Bug
>          Components: Core
>    Affects Versions: 2.4.1
>            Reporter: Aki Yoshida
>            Assignee: Aki Yoshida
>            Priority: Minor
>             Fix For: 2.4.2, 2.5
>
>
> org.apache.cxf.interceptor.security.DefaultSecurityContext's isUserInRole(String) is not working with jetty's or virgo's role configuration. This method assumes a role principal to have interface java.security.acl.Group.
> However, both jetty and virgo represent role principals using their own principal classes org.eclipse.jetty.plus.jaas.JAASRole or org.eclipse.virgo.kernel.authentication.Role, respectively.
> And these role classes do not implement java.security.acl.Group.
> So, in order to check if the specified role matches the role-principals assigned to the current context, the specified role must be compared against those principals set in the subject that are not equal to the user principal.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
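
The role check described in the report above, as an added Java example (not CXF's code and not part of the original message): a Group-only check beside one that also matches every non-user principal by name. `RoleCheckExample`, `NamedPrincipal`, both method names and the local `Group` stand-in for `java.security.acl.Group` are hypothetical, the sample principals are constructed, and the code assumes Java 16 or later.

```java
import java.security.Principal;
import javax.security.auth.Subject;

public class RoleCheckExample {
    // Local stand-in (assumption) for java.security.acl.Group, which newer JDKs no longer ship.
    interface Group extends Principal {
        boolean isMember(Principal member);
    }

    // Constructed principal type: a plain Principal that does not implement Group,
    // like the container role classes named in the report.
    record NamedPrincipal(String name) implements Principal {
        @Override public String getName() { return name; }
    }

    // Behaviour reported as broken: only Group principals are treated as roles.
    static boolean groupOnlyCheck(Subject subject, String role) {
        for (Principal p : subject.getPrincipals()) {
            if (p instanceof Group && role.equals(p.getName())) {
                return true;
            }
        }
        return false;
    }

    // Check described in the report: Group principals still count, and any
    // principal that is not the user principal is compared by name.
    static boolean isUserInRole(Subject subject, Principal user, String role) {
        for (Principal p : subject.getPrincipals()) {
            if (p instanceof Group && role.equals(p.getName())) {
                return true;
            }
            if (!p.equals(user) && role.equals(p.getName())) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        Principal user = new NamedPrincipal("alice");              // constructed sample data
        Subject subject = new Subject();
        subject.getPrincipals().add(user);
        subject.getPrincipals().add(new NamedPrincipal("admin"));  // role as a non-Group principal

        System.out.println("group-only, admin:  " + groupOnlyCheck(subject, "admin"));
        System.out.println("name-based, admin:  " + isUserInRole(subject, user, "admin"));
        System.out.println("name-based, alice:  " + isUserInRole(subject, user, "alice"));
    }
}
```

Because the fallback in this example matches on name alone, every non-user principal a login module adds to the subject is treated as a role, so the set of principal types a module emits matters when reviewing an authorization setup built this way.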

        
