[JBoss JIRA] (ELY-90) DigestMD is missing permission check to use authorisation id

Wednesday, 10 December 2014

    [
https://issues.jboss.org/browse/ELY-90?page=com.atlassian.jira.plugin.sys...
] 

David Lloyd commented on ELY-90:
--------------------------------

I was thinking about this for the EXTERNAL mechanism and I came to the conclusion that it
is the responsibility of the CallbackHandler implementation to do this check.  This allows
us to plug in authorization strategies, if necessary, which could be useful.

...
 DigestMD is missing permission check to use authorisation id
 ------------------------------------------------------------

                 Key: ELY-90
                 URL: https://issues.jboss.org/browse/ELY-90
             Project: WildFly Elytron
          Issue Type: Bug
            Reporter: Peter Skopek
            Assignee: Peter Skopek

 DigestMD is missing permission check to use authorisation id.
 See CompatibilityServerTest:ignored test testUnauthorizedAuthorizationId. 

--
This message was sent by Atlassian JIRA
(v6.3.8#6338)

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006