[jboss-jira] [JBoss JIRA] Created: (JBWEB-137) Principal information used to check web security constraints should be read from Subject

Principal information used to check web security constraints should be read from Subject ---------------------------------------------------------------------------------------- Key: JBWEB-137 URL: https://jira.jboss.org/jira/browse/JBWEB-137 Project: JBoss Web Issue Type: Feature Request Security Level: Public (Everyone can see) Components: Core Affects Versions: JBossWeb-2.1.0.GA Environment: RHEL, JDK6u12, JBossAS 5.0.1 Reporter: eugene75 Assignee: Remy Maucherat Priority: Minor The JBossGenericPrincipal instance constructed and cached by JBossWebRealm.authenticate() creates a copy of Subject caller principal, roles, password. Therefore any modifications to the subject during the user's session and not propagated to the JBossGenericPrincipal. It would be preferable if the data returned by JBossGenericPrincipal came directly from the Subject object itself. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira