[ http://jira.jboss.com/jira/browse/SECURITY-129?page=all ] Darran Lofthouse updated SECURITY-129: -------------------------------------- Fix Version/s: (was: 2.0.3.Beta2) -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

[ https://jira.jboss.org/jira/browse/SECURITY-129?page=com.atlassian.jira.p... ] Zhiyong Li commented on SECURITY-129: ------------------------------------- If I can obtain the delegation credential, then I can accomplish the delegation (authenticate on behalf of the client user) by my code. In your 2.0.3 GA code, I notice that you have a threadlocal variable and also a scheme context variable in NegatiationContext.java private static final ThreadLocal<NegotiationContext> negotiationContext = new ThreadLocal<NegotiationContext>(); private Object schemeContext = null; I thought that I may be able to get the schemeContext from my code (such as a servlet) and then in turn to get the client delegation credential, for example, GSSContext context = (GSSContext)NegotiationContext.getCurrentNegotiationContext().getSchemeContext(); //check if the credentials can be delegated if (!context.getCredDelegState()) { System.out.println("credentials cannot be delegated!"); throw new Exception("credentials cannot be delegated!"); } //get the delegated credentials from the calling peer... GSSCredential clientCred = context.getDelegCred(); however, that value of schemeContext is "clear-ed" after "authentication" in org.jboss.security.negotiation.NegotiationAuthenticator.java protected boolean authenticate(final Request request, final Response response, final LoginConfig config) throws IOException{ ... negotiationContext.clear(); ... } Thus, I cannot get schemeContext. I get around the problem by commented out: negotiationContext.clear(); My request is that whether you can make the schemeContext or the client delegation credential available for the application code in the same request/response. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

[ https://jira.jboss.org/browse/SECURITY-129?page=com.atlassian.jira.plugin... ] Darran Lofthouse updated SECURITY-129: -------------------------------------- Fix Version/s: Negotiation_2.0.3.SP4 (was: Negotiation_2.0.3.SP3) -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

[ https://jira.jboss.org/browse/SECURITY-129?page=com.atlassian.jira.plugin... ] Darran Lofthouse updated SECURITY-129: -------------------------------------- Fix Version/s: Negotiation_2.0.4.GA -- This message is automatically generated by JIRA. - For more information on JIRA, see: http://www.atlassian.com/software/jira

[ https://issues.jboss.org/browse/SECURITY-129?page=com.atlassian.jira.plug... ] Darran Lofthouse updated SECURITY-129: -------------------------------------- Fix Version/s: (was: Negotiation_2.0.3.SP4 ) -- This message is automatically generated by JIRA. For more information on JIRA, see: http://www.atlassian.com/software/jira

[ https://issues.jboss.org/browse/SECURITY-129?page=com.atlassian.jira.plug... ] Darran Lofthouse resolved SECURITY-129. --------------------------------------- Resolution: Done The following class has been added to allow access to the current delegated context: - org.jboss.security.negotiation.DelegationCredentialContext The public method in this class is considered a public API so will not be changed, if available the method will return the GSSCredential for the current request - if this is not available null will be returned. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira