[CXF-5603] The DefaultSecurityContext should use a supplied username to help find the User Principal - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 2.7.10
Fix Version/s: 2.7.11, 3.0
Component/s: None
Labels:
None

Estimated Complexity:
Unknown

Description

The JAASLoginInterceptor populates the DefaultSecurityContext using the authenticated JAAS Subject. It tries to find the user principal, as opposed to the roles, by finding the first non-Group principal. However, in the case of a JAAS implementation that doesn't store roles as Groups, it may end up storing a role as the user principal. This task is to first try to match the given username against the non-Group principals, and then to default to the old behaviour.

Attachments

Activity

People

Assignee:: Colm O hEigeartaigh

Reporter:: Colm O hEigeartaigh

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 11/Mar/14 15:11

Updated:: 11/Jul/14 12:50

Resolved:: 11/Mar/14 16:40