[jboss-jira] [JBoss JIRA] Created: (JBWEB-137) Principal information used to check web security constraints should be read from Subject

eugene75 (JIRA) jira-events at lists.jboss.org
Mon Apr 20 10:11:22 EDT 2009


Principal information used to check web security constraints should be read from Subject
----------------------------------------------------------------------------------------

                 Key: JBWEB-137
                 URL: https://jira.jboss.org/jira/browse/JBWEB-137
             Project: JBoss Web
          Issue Type: Feature Request
      Security Level: Public (Everyone can see)
          Components: Core
    Affects Versions: JBossWeb-2.1.0.GA
         Environment: RHEL, JDK6u12, JBossAS 5.0.1
            Reporter: eugene75
            Assignee: Remy Maucherat
            Priority: Minor


The JBossGenericPrincipal instance constructed and cached by JBossWebRealm.authenticate() creates a copy of Subject caller principal, roles, password.  Therefore any modifications to the subject during the user's session are not propagated to the JBossGenericPrincipal.  It would be preferable if the data returned by JBossGenericPrincipal came directly from the Subject object itself.

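The behaviour the report describes, as an added example that is not part of the original message or of JBoss Web's code: a principal that copies roles at login keeps granting a role after it is removed from the Subject, while one that reads the Subject on each check does not. `Role`, `RoleCheck`, `SnapshotPrincipal` and `SubjectBackedPrincipal` are hypothetical names, and storing roles as plain principals in the Subject is an assumption made for brevity (Java 16+ for the record syntax).

```java
import java.security.Principal;
import java.util.Set;
import java.util.stream.Collectors;
import javax.security.auth.Subject;

public class StalePrincipalDemo {
    // Hypothetical role marker; the real JBoss Subject layout is not shown on the page.
    record Role(String name) implements Principal {
        public String getName() { return name; }
    }

    interface RoleCheck { boolean hasRole(String role); }

    // Copy-at-login behaviour, as the report describes for the cached principal.
    static final class SnapshotPrincipal implements RoleCheck {
        private final Set<String> roles;
        SnapshotPrincipal(Subject s) { this.roles = roleNames(s); }
        public boolean hasRole(String role) { return roles.contains(role); }
    }

    // Requested behaviour: every check reads the live Subject.
    static final class SubjectBackedPrincipal implements RoleCheck {
        private final Subject subject;
        SubjectBackedPrincipal(Subject s) { this.subject = s; }
        public boolean hasRole(String role) { return roleNames(subject).contains(role); }
    }

    // Subject.getPrincipals(Class) returns a fresh set of the matching principals.
    static Set<String> roleNames(Subject s) {
        return s.getPrincipals(Role.class).stream()
                .map(Role::getName).collect(Collectors.toSet());
    }

    public static void main(String[] args) {
        Subject subject = new Subject();
        Role admin = new Role("admin");              // constructed sample data
        subject.getPrincipals().add(admin);

        RoleCheck cached = new SnapshotPrincipal(subject);
        RoleCheck live = new SubjectBackedPrincipal(subject);

        subject.getPrincipals().remove(admin);       // role revoked mid-session

        System.out.println("snapshot still admin: " + cached.hasRole("admin"));
        System.out.println("live still admin:     " + live.hasRole("admin"));
    }
}
```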