[CXF-6072] jaxrs securityContext.getUserPrincipal is broken if login is done during the request - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 3.0.3, 2.7.14, 3.1
Component/s: None
Labels:
None

Estimated Complexity:
Unknown

Description

tested on last 2.6 release and didn't take time to check on 3. but I guess it is the same:

I call a rest endpoint, in my business I login(user, pass) from the request (http) then from the security context I get the principal -> null, if I get it fro mthe request it is avlued. It is cause org.apache.cxf.transport.http.AbstractHTTPDestination#setupMessage(org.apache.cxf.message.Message, javax.servlet.ServletConfig, javax.servlet.ServletContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) stores the principal for the request but it evaluates it too early.

Why not keeping the delegation to the http request?

Attachments

Activity

People

Assignee:: Sergey Beryozkin

Reporter:: Romain Manni-Bucau

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 29/Oct/14 18:14

Updated:: 16/Feb/15 16:09

Resolved:: 30/Oct/14 13:09