[jboss-jira] [JBoss JIRA] (SECURITY-631) Possibility to choose principal identity from FORM authentication

Possibility to choose principal identity from FORM authentication ----------------------------------------------------------------- Key: SECURITY-631 URL: https://issues.jboss.org/browse/SECURITY-631 Project: PicketBox (JBoss Security and Identity Management) Issue Type: Enhancement Security Level: Public (Everyone can see) Components: Negotiation Affects Versions: Negotiation_2.1.0 Reporter: Marek Posolda Assignee: Darran Lofthouse Fix For: Negotiation_2.0.3.SP4 , Negotiation_2.1.1 Currently method SPNEGOLoginModule.usernamePasswordLogin() is performing FORM-based authentication and when authenticates, it choose first principal from obtained subject and call setIdentity() with this principal. In EPP login modules, our subject has more principals and user principal is not returned as first principal of subject. For handle this situation, it will be nice to have this functionality in protected method like: {code} protected Principal getIdentityFromSubject(Subject userSubject) { Set principals = userSubject.getPrincipals(); if (principals.isEmpty()) { throw new LoginException("No principal returned after login."); } else if (principals.size() > 1) { log.warn("Multiple principals returned, using first principal in set."); } Principal identity = (Principal) principals.iterator().next(); return identity; } {code} which will be called from usernamePasswordLogin(). So that it will be possible to create subclass of SPNEGOLoginModule and override functionality of always choosing first principal. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira