karaf-user mailing list archives

From Paul Spencer <pau...@apache.org>
Subject securityContext.getUserPrincipal() in JAX-RS return unexpected RolePrincipal. Why?
Date Thu, 02 Aug 2018 18:56:44 GMT
Karaf 4.2
I have a JAX-RS Service implemented with CXF features that uses Karaf's JAAS
authorization. Depending on the number of roles defined for a user,
securityContext.getUserPrincipal() may return a UserPrincipal or a
RolePrincipal. In all cases I expect UserPrincipal because I expect
securityContext.getUserPrincipal().getName() to be the username logged in.

Role Count   Return Principal
-----------  --------------------------------------------------
0            org.apache.karaf.jaas.boot.principal.UserPrincipal
1            org.apache.karaf.jaas.boot.principal.UserPrincipal
2 or more    org.apache.karaf.jaas.boot.principal.RolePrincipal

karaf@root(jaas)> user-list
User Name │ Group │ Role
──────────┼───────┼───────
Aladdin   │       │ VIEW
Aladdin   │       │ UPDATE
Foo       │       │

For the above users, securityContext.getUserPrincipal().getName() returns
"UPDATE" when Aladdin is logged in.

Why am I not seeing the expected behavior?

Paul Spencer



--
Sent from: http://karaf.922171.n3.nabble.com/Karaf-User-f930749.html
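
An added example, not part of the original post and not Karaf or CXF code: reading the login name from a JAAS Subject by principal type, so the result does not depend on which principal happens to come first. The nested `UserPrincipal` and `RolePrincipal` classes are stand-ins for the Karaf classes named in the message, the sample Subject is constructed, and how the service obtains the authenticated Subject is assumed.

```java
import java.security.Principal;
import java.util.Set;
import javax.security.auth.Subject;

public class PrincipalSelection {
    // Stand-ins (assumption) for org.apache.karaf.jaas.boot.principal.UserPrincipal / RolePrincipal.
    static class NamedPrincipal implements Principal {
        private final String name;
        NamedPrincipal(String name) { this.name = name; }
        @Override public String getName() { return name; }
        @Override public boolean equals(Object o) {
            return o != null && o.getClass() == getClass()
                    && ((Principal) o).getName().equals(name);
        }
        @Override public int hashCode() { return getClass().hashCode() * 31 + name.hashCode(); }
    }
    static final class UserPrincipal extends NamedPrincipal { UserPrincipal(String n) { super(n); } }
    static final class RolePrincipal extends NamedPrincipal { RolePrincipal(String n) { super(n); } }

    /** Returns the login name; fails closed unless the Subject holds exactly one UserPrincipal. */
    static String loginName(Subject subject) {
        Set<UserPrincipal> users = subject.getPrincipals(UserPrincipal.class);
        if (users.size() != 1) {
            throw new SecurityException("expected exactly one UserPrincipal, found " + users.size());
        }
        return users.iterator().next().getName();
    }

    public static void main(String[] args) {
        // Constructed sample mirroring the user-list output: Aladdin with roles VIEW and UPDATE.
        Subject aladdin = new Subject();
        aladdin.getPrincipals().add(new RolePrincipal("UPDATE"));
        aladdin.getPrincipals().add(new RolePrincipal("VIEW"));
        aladdin.getPrincipals().add(new UserPrincipal("Aladdin"));

        // Type-agnostic choice: whatever the principal set yields first.
        Principal first = aladdin.getPrincipals().iterator().next();
        System.out.println("first principal: "
                + first.getClass().getSimpleName() + " " + first.getName());

        // Type-based choice: only a UserPrincipal can supply the login name.
        System.out.println("login name:      " + loginName(aladdin));
    }
}
```

Code that records the caller in an audit log or keys an access decision on `getName()` can use a type-based lookup like `loginName` so a role name is never treated as a username.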
