Uploaded image for project: 'CXF'
  1. CXF
  2. CXF-6072

jaxrs securityContext.getUserPrincipal is broken if login is done during the request

          Details

          • Type: Bug
          • Status: Closed
          • Priority: Major
          • Resolution: Fixed
          • Affects Version/s: None
          • Fix Version/s: 3.0.3, 2.7.14, 3.1
          • Component/s: None
          • Labels:
            None
          • Estimated Complexity:
            Unknown

            Description

            Hi

            tested on last 2.6 release and didn't take time to check on 3. but I guess it is the same:

            I call a rest endpoint, in my business I login(user, pass) from the request (http) then from the security context I get the principal -> null, if I get it fro mthe request it is avlued. It is cause org.apache.cxf.transport.http.AbstractHTTPDestination#setupMessage(org.apache.cxf.message.Message, javax.servlet.ServletConfig, javax.servlet.ServletContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) stores the principal for the request but it evaluates it too early.

            Why not keeping the delegation to the http request?

              Attachments

                Activity

                  People

                  • Assignee:
                    sergey_beryozkin Sergey Beryozkin
                    Reporter:
                    romain.manni-bucau Romain Manni-Bucau
                  • Votes:
                    0 Vote for this issue
                    Watchers:
                    2 Start watching this issue

                    Dates

                    • Created:
                      Updated:
                      Resolved: