<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
        {font-family:"Cambria Math";
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
        {font-family:Consolas;
        panose-1:2 11 6 9 2 2 4 3 2 4;}
@font-face
        {font-family:Cabin;
        panose-1:0 0 0 0 0 0 0 0 0 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0cm;
        margin-bottom:.0001pt;
        font-size:11.0pt;
        font-family:"Calibri","sans-serif";
        mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:#0563C1;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:#954F72;
        text-decoration:underline;}
p
        {mso-style-priority:99;
        mso-margin-top-alt:auto;
        margin-right:0cm;
        mso-margin-bottom-alt:auto;
        margin-left:0cm;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";}
span.EmailStyle17
        {mso-style-type:personal-compose;
        font-family:"Calibri","sans-serif";
        color:windowtext;}
span.apple-converted-space
        {mso-style-name:apple-converted-space;}
span.pl-k
        {mso-style-name:pl-k;}
.MsoChpDefault
        {mso-style-type:export-only;
        mso-fareast-language:EN-US;}
@page WordSection1
        {size:612.0pt 792.0pt;
        margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
        {page:WordSection1;}
/* List Definitions */
@list l0
        {mso-list-id:212622971;
        mso-list-type:hybrid;
        mso-list-template-ids:-926250738 1074331663 1074331673 1074331675 1074331663 1074331673 1074331675 1074331663 1074331673 1074331675;}
@list l0:level1
        {mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;}
@list l0:level2
        {mso-level-number-format:alpha-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;}
@list l0:level3
        {mso-level-number-format:roman-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:right;
        text-indent:-9.0pt;}
@list l0:level4
        {mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;}
@list l0:level5
        {mso-level-number-format:alpha-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;}
@list l0:level6
        {mso-level-number-format:roman-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:right;
        text-indent:-9.0pt;}
@list l0:level7
        {mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;}
@list l0:level8
        {mso-level-number-format:alpha-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;}
@list l0:level9
        {mso-level-number-format:roman-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:right;
        text-indent:-9.0pt;}
@list l1
        {mso-list-id:1092823655;
        mso-list-type:hybrid;
        mso-list-template-ids:-854172928 1074331663 1074331673 1074331675 1074331663 1074331673 1074331675 1074331663 1074331673 1074331675;}
@list l1:level1
        {mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;}
@list l1:level2
        {mso-level-number-format:alpha-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;}
@list l1:level3
        {mso-level-number-format:roman-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:right;
        text-indent:-9.0pt;}
@list l1:level4
        {mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;}
@list l1:level5
        {mso-level-number-format:alpha-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;}
@list l1:level6
        {mso-level-number-format:roman-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:right;
        text-indent:-9.0pt;}
@list l1:level7
        {mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;}
@list l1:level8
        {mso-level-number-format:alpha-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;}
@list l1:level9
        {mso-level-number-format:roman-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:right;
        text-indent:-9.0pt;}
ol
        {margin-bottom:0cm;}
ul
        {margin-bottom:0cm;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-IN" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p style="margin:0cm;margin-bottom:.0001pt;line-height:16.25pt;background:white;vertical-align:baseline">
<span style="font-family:&quot;Cabin&quot;,&quot;serif&quot;;color:#3D3D3D">Hi,<o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt;line-height:16.25pt;background:white;vertical-align:baseline;box-sizing: content-box;text-rendering: optimizelegibility;orphans: auto;widows: auto;-webkit-text-stroke-width: 0px;min-height: 8pt;word-spacing:0px">
<span style="font-family:&quot;Cabin&quot;,&quot;serif&quot;;color:#3D3D3D">&nbsp;<o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt;line-height:16.25pt;background:white;vertical-align:baseline;box-sizing: content-box;text-rendering: optimizelegibility;orphans: auto;widows: auto;-webkit-text-stroke-width: 0px;word-spacing:0px">
<span style="font-family:&quot;Cabin&quot;,&quot;serif&quot;;color:#3D3D3D">I am trying to port our existing application (in weblogic) to Jboss wildfly.<o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt;line-height:16.25pt;background:white;vertical-align:baseline;box-sizing: content-box;text-rendering: optimizelegibility;orphans: auto;widows: auto;-webkit-text-stroke-width: 0px;min-height: 8pt;word-spacing:0px">
<span style="font-family:&quot;Cabin&quot;,&quot;serif&quot;;color:#3D3D3D">&nbsp;<o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt;line-height:16.25pt;background:white;vertical-align:baseline;box-sizing: content-box;text-rendering: optimizelegibility;orphans: auto;widows: auto;-webkit-text-stroke-width: 0px;word-spacing:0px">
<span style="font-family:&quot;Cabin&quot;,&quot;serif&quot;;color:#3D3D3D">Our application supports multiple logins under the same user id, but each login needs to be treated in a different security context. For this, we invoke the login modules by calling j_security_check for each
 login attempt. We use a custom JAAS login module in which the subject is created with a unique user token that is set as the name of the Principal after a successful login. But with WildFly, the login module is invoked only the first time; for subsequent
 login attempts, the user subject is looked up from the domain cache inside JBossCachedAuthenticationManager.<o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt;line-height:16.25pt;background:white;vertical-align:baseline;box-sizing: content-box;text-rendering: optimizelegibility;orphans: auto;widows: auto;-webkit-text-stroke-width: 0px;min-height: 8pt;word-spacing:0px">
<span style="font-family:&quot;Cabin&quot;,&quot;serif&quot;;color:#3D3D3D">&nbsp;<o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt;line-height:16.25pt;background:white;vertical-align:baseline;box-sizing: content-box;text-rendering: optimizelegibility;orphans: auto;widows: auto;-webkit-text-stroke-width: 0px;word-spacing:0px">
<span style="font-family:&quot;Cabin&quot;,&quot;serif&quot;;color:#3D3D3D">On debugging the issue further, I noticed the following:<o:p></o:p></span></p>
<p style="mso-margin-top-alt:0cm;margin-right:0cm;margin-bottom:0cm;margin-left:36.0pt;margin-bottom:.0001pt;text-indent:-18.0pt;line-height:16.25pt;mso-list:l1 level1 lfo2;background:white;vertical-align:baseline;box-sizing: content-box;text-rendering: optimizelegibility;orphans: auto;widows: auto;-webkit-text-stroke-width: 0px;word-spacing:0px">
<![if !supportLists]><span style="font-family:&quot;Cabin&quot;,&quot;serif&quot;;color:#3D3D3D"><span style="mso-list:Ignore">1.<span style="font:7.0pt &quot;Times New Roman&quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
</span></span></span><![endif]><span style="font-family:&quot;Cabin&quot;,&quot;serif&quot;;color:#3D3D3D">After the JAAS login completes, the org.wildfly.extension.undertow.security.AccountImpl in the exchange of the ServletRequest is updated with the new Principal (the token set during the JAAS
 login), while the OriginalPrincipal remains the user id. This is fine and as expected (I hope).<o:p></o:p></span></p>
<p style="mso-margin-top-alt:0cm;margin-right:0cm;margin-bottom:0cm;margin-left:36.0pt;margin-bottom:.0001pt;text-indent:-18.0pt;line-height:16.25pt;mso-list:l1 level1 lfo2;background:white;vertical-align:baseline;box-sizing: content-box;text-rendering: optimizelegibility;orphans: auto;widows: auto;-webkit-text-stroke-width: 0px;word-spacing:0px">
<![if !supportLists]><span style="font-family:&quot;Cabin&quot;,&quot;serif&quot;;color:#3D3D3D"><span style="mso-list:Ignore">2.<span style="font:7.0pt &quot;Times New Roman&quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
</span></span></span><![endif]><span style="font-family:&quot;Cabin&quot;,&quot;serif&quot;;color:#3D3D3D">org.wildfly.extension.undertow.security.JAASIdentityManagerImpl.verifyCredential(final AccountImpl account, final Object credential) passes the OriginalPrincipal to the
 authenticationManager for validation. Since the OriginalPrincipal is not updated during login, this is always the original user id.&nbsp;
<span style="background:white">The source code below, from jboss.as, uses<span class="apple-converted-space">&nbsp;</span></span></span><span style="font-family:Consolas;color:#333333;border:none windowtext 1.0pt;padding:0cm;background:white">account</span><span class="pl-k"><span style="font-family:Consolas;color:#A71D5D;border:none windowtext 1.0pt;padding:0cm;background:white">.</span></span><span style="font-family:Consolas;color:#333333;border:none windowtext 1.0pt;padding:0cm;background:white">getPrincipal()
 to get the incomingPrincipal, but this has now been changed to getOriginalPrincipal.<span class="apple-converted-space">&nbsp;</span></span><span style="font-family:&quot;Cabin&quot;,&quot;serif&quot;;color:#3D3D3D"> I think this should be the Principal (not the OriginalPrincipal).<o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt;text-indent:36.0pt;line-height:16.25pt;background:white;vertical-align:baseline;box-sizing: content-box;text-rendering: optimizelegibility;orphans: auto;widows: auto;-webkit-text-stroke-width: 0px;word-spacing:0px">
<img width="715" height="182" id="Picture_x0020_1" src="cid:image001.png@01D147BF.BB5A7BD0"><span style="font-family:&quot;Cabin&quot;,&quot;serif&quot;;color:#3D3D3D"><o:p></o:p></span></p>
<p style="mso-margin-top-alt:0cm;margin-right:0cm;margin-bottom:0cm;margin-left:36.0pt;margin-bottom:.0001pt;text-indent:-18.0pt;line-height:16.25pt;mso-list:l1 level1 lfo2;background:white;vertical-align:baseline;box-sizing: content-box;text-rendering: optimizelegibility;orphans: auto;widows: auto;-webkit-text-stroke-width: 0px;word-spacing:0px">
<![if !supportLists]><span style="font-family:&quot;Cabin&quot;,&quot;serif&quot;;color:#3D3D3D"><span style="mso-list:Ignore">3.<span style="font:7.0pt &quot;Times New Roman&quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
</span></span></span><![endif]><span style="font-family:&quot;Cabin&quot;,&quot;serif&quot;;color:#3D3D3D">org.jboss.security.authentication.JBossCachedAuthenticationManager caches the subject info against the OriginalPrincipal. Therefore, after the first successful authentication for a user id,
 it always returns the subject from the cache, and the JAAS login module is never invoked again. Shouldn't the caching be keyed on the authenticated principal set in the subject (CallerPrincipal)?<o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt;line-height:16.25pt;background:white;vertical-align:baseline;box-sizing: content-box;text-rendering: optimizelegibility;orphans: auto;widows: auto;-webkit-text-stroke-width: 0px;min-height: 8pt;word-spacing:0px">
<span style="font-family:&quot;Cabin&quot;,&quot;serif&quot;;color:#3D3D3D">&nbsp;<o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt;line-height:16.25pt;background:white;vertical-align:baseline;box-sizing: content-box;text-rendering: optimizelegibility;orphans: auto;widows: auto;-webkit-text-stroke-width: 0px;word-spacing:0px">
<span style="font-family:&quot;Cabin&quot;,&quot;serif&quot;;color:#3D3D3D">Can anyone please let me know whether this behavior can be changed? Or is there any way I can configure a custom class for org.wildfly.extension.undertow.security.JAASIdentityManagerImpl and org.jboss.security.authentication.JBossCachedAuthenticationManager
 in WildFly 9.0.2?<o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt;line-height:16.25pt;background:white;vertical-align:baseline;box-sizing: content-box;text-rendering: optimizelegibility;orphans: auto;widows: auto;-webkit-text-stroke-width: 0px;min-height: 8pt;word-spacing:0px">
<span style="font-family:&quot;Cabin&quot;,&quot;serif&quot;;color:#3D3D3D">&nbsp;<o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt;line-height:16.25pt;background:white;vertical-align:baseline;box-sizing: content-box;text-rendering: optimizelegibility;orphans: auto;widows: auto;-webkit-text-stroke-width: 0px;word-spacing:0px">
<span style="font-family:&quot;Cabin&quot;,&quot;serif&quot;;color:#3D3D3D">Regards<o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt;line-height:16.25pt;background:white;vertical-align:baseline;box-sizing: content-box;text-rendering: optimizelegibility;orphans: auto;widows: auto;-webkit-text-stroke-width: 0px;word-spacing:0px">
<span style="font-family:&quot;Cabin&quot;,&quot;serif&quot;;color:#3D3D3D">Sony<o:p></o:p></span></p>
<p class="MsoNormal"><o:p>&nbsp;</o:p></p>
</div>
</body>
</html>