cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Colm O hEigeartaigh (JIRA)" <j...@apache.org>
Subject [jira] [Created] (CXF-5603) The DefaultSecurityContext should use a supplied username to help find the User Principal
Date Tue, 11 Mar 2014 15:11:55 GMT
Colm O hEigeartaigh created CXF-5603:
----------------------------------------

             Summary: The DefaultSecurityContext should use a supplied username to help find
the User Principal
                 Key: CXF-5603
                 URL: https://issues.apache.org/jira/browse/CXF-5603
             Project: CXF
          Issue Type: Bug
    Affects Versions: 2.7.10
            Reporter: Colm O hEigeartaigh
            Assignee: Colm O hEigeartaigh
             Fix For: 3.0.0, 2.7.11



The JAASLoginInterceptor populates the DefaultSecurityContext using the authenticated JAAS
Subject. It tries to find the user principal, as opposed to the roles, by finding the first
non-Group principal. However, in the case of a JAAS implementation that doesn't store roles
as Groups, it may end up storing a role as the user principal. This task is to first try to
match the given username against the non-Group principals, and then to default to the old
behaviour.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message