geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "David Jencks (JIRA)" <>
Subject [jira] Created: (GERONIMO-3406) "Auxilliary" login modules are mostly returning true instead of false
Date Mon, 13 Aug 2007 21:45:31 GMT
"Auxilliary" login modules are mostly returning true instead of false

                 Key: GERONIMO-3406
             Project: Geronimo
          Issue Type: Bug
      Security Level: public (Regular issues)
          Components: security
    Affects Versions: 2.0, 2.0.x, 2.1
            Reporter: David Jencks
            Assignee: David Jencks
             Fix For: 2.0, 2.0.x, 2.1

We have several login modules that don't do security checks but do look at and sometimes modify
the Subject.  These should never be able to result in a login succeeding, so they should be
returning false from the various lifecycle methods.

In a slightly related issue the SubjectRegistrationLoginModule should be first in the list
so it will always get executed even if one of the other login modules is REQUISITE.  This
might mean we need to rethink if SubjectRegistrationLoginModule is an appropriate way to get
the registration to happen.

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message