karaf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Freeman Fang (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (KARAF-2364) org.apache.karaf.jaas.boot.principal.RolePrincipal class should implement Group, not Principal
Date Fri, 21 Jun 2013 00:21:22 GMT

     [ https://issues.apache.org/jira/browse/KARAF-2364?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Freeman Fang resolved KARAF-2364.
---------------------------------

    Resolution: Not A Problem
    
> org.apache.karaf.jaas.boot.principal.RolePrincipal class should implement Group, not
Principal
> ----------------------------------------------------------------------------------------------
>
>                 Key: KARAF-2364
>                 URL: https://issues.apache.org/jira/browse/KARAF-2364
>             Project: Karaf
>          Issue Type: Bug
>    Affects Versions: 2.3.1
>            Reporter: Scott Tustison
>            Assignee: Freeman Fang
>
> When using the Karaf JAAS LDAPLoginModule in combination with Apache CXF (or a similar
product), there is no way to determine whether the Principal obtained from the Subject corresponds
to a user or a role(group). CXF (org.apache.cxf.interceptor.security.DefaultSecurityContext.findPrincipal())
will attempt to pull out a Principal which is not a java.security.acl.Group. However, since
the JAAS login module does not make use of the java.security.acl.Group interface for its RolePrincipal,
there is no way to determine the correct Principal to use. This can end up with Apache CXF
generating a SAML assertion for a group that belongs to a user instead of the user itself,
which is obviously invalid.
> If RolePrincipal implemented Group instead of Principal it would fix this issue.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message