[jboss-jira] [JBoss JIRA] Moved: (JBAS-7698) Principal information used to check web security constraints should be read from Subject
[
https://jira.jboss.org/jira/browse/JBAS-7698?page=com.atlassian.jira.plug...
]
Remy Maucherat moved JBWEB-137 to JBAS-7698:
--------------------------------------------
Project: JBoss Application Server (was: JBoss Web)
Key: JBAS-7698 (was: JBWEB-137)
Component/s: Security
(was: Core)
Affects Version/s: (was: JBossWeb-2.1.0.GA)
Principal information used to check web security constraints should
be read from Subject
----------------------------------------------------------------------------------------
Key: JBAS-7698
URL: https://jira.jboss.org/jira/browse/JBAS-7698
Project: JBoss Application Server
Issue Type: Feature Request
Security Level: Public(Everyone can see)
Components: Security
Environment: RHEL, JDK6u12, JBossAS 5.0.1
Reporter: eugene75
Assignee: Remy Maucherat
Priority: Minor
The JBossGenericPrincipal instance constructed and cached by JBossWebRealm.authenticate()
creates a copy of Subject caller principal, roles, password. Therefore any modifications
to the subject during the user's session and not propagated to the
JBossGenericPrincipal. It would be preferable if the data returned by
JBossGenericPrincipal came directly from the Subject object itself.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira