karaf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Scott Tustison (JIRA)" <j...@apache.org>
Subject [jira] [Created] (KARAF-2364) org.apache.karaf.jaas.boot.principal.RolePrincipal class should implement Group, not Principal
Date Thu, 20 Jun 2013 23:41:21 GMT
Scott Tustison created KARAF-2364:
-------------------------------------

             Summary: org.apache.karaf.jaas.boot.principal.RolePrincipal class should implement
Group, not Principal
                 Key: KARAF-2364
                 URL: https://issues.apache.org/jira/browse/KARAF-2364
             Project: Karaf
          Issue Type: Bug
    Affects Versions: 2.3.1
            Reporter: Scott Tustison


When using the Karaf JAAS LDAPLoginModule in combination with Apache CXF (or a similar product),
there is no way to determine whether the Principal obtained from the Subject corresponds to
a user or a role(group). CXF (org.apache.cxf.interceptor.security.DefaultSecurityContext.findPrincipal())
will attempt to pull out a Principal which is not a java.security.acl.Group. However, since
the JAAS login module does not make use of the java.security.acl.Group interface for its RolePrincipal,
there is no way to determine the correct Principal to use. This can end up with Apache CXF
generating a SAML assertion for a group that belongs to a user instead of the user itself,
which is obviously invalid.

If RolePrincipal implemented Group instead of Principal it would fix this issue.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message