Darran Lofthouse resolved WFLY-7096.
------------------------------------
Assignee: Darran Lofthouse
Resolution: Won't Fix
Marking as 'Won't Fix' as this is in relation to PicketBox which is
deprecated.
Security domain cache doesn't respect infinispan settings
---------------------------------------------------------
Key: WFLY-7096
URL: https://issues.jboss.org/browse/WFLY-7096
Project: WildFly
Issue Type: Feature Request
Components: Security
Affects Versions: 10.0.0.Final, 10.1.0.Final
Environment: Tested on Windows 7
Reporter: Marcin Fatyga
Assignee: Darran Lofthouse
Priority: Major
Attachments: patch.txt, standalone.xml, test_webapp.zip
In the security domain we can set "cache-type" to infinispan. Authentication
requests are now stored in the infinispan cache, but any settings of this cache
(configured in the infinispan subsystem) are not applied. The cache is always
stored in memory and never expires.
This is a serious security issue because after the first authentication request,
credentials will never be verified again.
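
A configuration check for the condition described in this report, added here as an example and not code from the issue, its attachments or WildFly: it lists security domains with cache-type="infinispan" next to the expiration settings declared in the Infinispan subsystem. The sample XML is constructed, and the cache container name "security", the namespace versions and the `audit` helper are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not the reporter's attached standalone.xml.
# Namespace versions and the container name "security" are assumptions.
SAMPLE = """<server xmlns="urn:jboss:domain:4.0">
  <profile>
    <subsystem xmlns="urn:jboss:domain:security:1.2">
      <security-domains>
        <security-domain name="other" cache-type="default"/>
        <security-domain name="webapp" cache-type="infinispan"/>
      </security-domains>
    </subsystem>
    <subsystem xmlns="urn:jboss:domain:infinispan:4.0">
      <cache-container name="security" default-cache="auth-cache">
        <local-cache name="auth-cache">
          <expiration lifespan="60000" max-idle="30000"/>
        </local-cache>
      </cache-container>
    </subsystem>
  </profile>
</server>"""

def local(tag):
    """Strip the XML namespace so the check works across schema versions."""
    return tag.rsplit("}", 1)[-1]

def audit(xml_text, container="security"):
    """Return one finding per security domain with cache-type="infinispan"."""
    root = ET.fromstring(xml_text)
    # Expiration settings declared in the named cache container, keyed by cache.
    expiry = {}
    for cc in root.iter():
        if local(cc.tag) == "cache-container" and cc.get("name") == container:
            for cache in cc:
                for child in cache:
                    if local(child.tag) == "expiration":
                        expiry[cache.get("name")] = dict(child.attrib)
    findings = []
    for el in root.iter():
        if local(el.tag) == "security-domain" and el.get("cache-type") == "infinispan":
            findings.append({"domain": el.get("name"), "declared_expiration": expiry})
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE):
        # Per this report, the declared values are not applied on affected versions.
        print(f"{f['domain']}: cache-type=infinispan, declared expiration "
              f"{f['declared_expiration']}")
```

Each finding is a domain whose authentication cache, according to this report, does not honour the declared lifespan or max-idle on the affected versions.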