UserPrincipal search in RemotingLoginModule seems to be broken -------------------------------------------------------------- Key: AS7-6159 URL: https://issues.jboss.org/browse/AS7-6159 Project: Application Server 7 Issue Type: Bug Components: Security Affects Versions: 7.1.3.Final (EAP) Reporter: Josef Cacek Assignee: Josef Cacek The code of UserPrincipal search in RemotingLoginModule seems to be invalid. There's {code} UserPrincipal up = null; for (Principal current : con.getPrincipals()) { if (current instanceof UserPrincipal) { up = (UserPrincipal) current; } break; } {code} but IMO, the correct code is: {code} UserPrincipal up = null; for (Principal current : con.getPrincipals()) { if (current instanceof UserPrincipal) { up = (UserPrincipal) current; break; } } {code} If the connection from RemotingContext contains more Principals, then only the first is checked. I.e. If the first Principal is not an UserPrincipal, then the RemotingLoginModule doesn't work.