David Lloyd created ELY-1281:
--------------------------------
Summary: SecurityDomain.authenticate() propagates credentials inappropriately
Key: ELY-1281
URL: https://issues.jboss.org/browse/ELY-1281
Project: WildFly Elytron
Issue Type: Bug
Components: API / SPI, Authentication Server
Reporter: David Lloyd
Priority: Blocker
The SecurityDomain.authenticate() method creates a SecurityIdentity that inherits its
credentials from the calling identity.
The usage of ServerAuthenticationContext is correct (it inherits the current identity as
the captured identity). Capturing the identity is necessary to perform run-as
authorizations without an authentication step. However, the credentials should probably
not be propagated from the captured identity in any case.