Matt Wringe created JBWS-3541:
Summary: SubjectCreatingInterceptor.createSubject does not return principals
in the correct order
Project: JBoss Web Services
Issue Type: Bug
Security Level: Public (Everyone can see)
Reporter: Matt Wringe
SubjectCreatingInterceptor.createSubject(String name, String password, boolean isDigest,
String nonce, String created) has to return the user principal first, and any other
principals after this one.
org.apache.cxf.ws.security.wss4j.AbstractUsernameTokenAuthenticatingInterceptor (which the
* Create a Subject representing a current user and its roles.
* This Subject is expected to contain at least one Principal representing a user
* and optionally followed by one or more principal Groups this user is a member of.
that the first entry is the user entry, if not it throws an error.
The problem is that this method, by its definition, requires the user principal to be
first, but the ordering of the credentials doesn't matter to whatever populates the
SubjectCreatingInterceptor.createSubject has to check the order and rearrange the
principals before return the results. Otherwise its not implementing the abstract method
Note: I am not trying to argue that the ordering _should_ matter and I do think its
probably better for cxf to not require the ordering.
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
For more information on JIRA, see: http://www.atlassian.com/software/jira