[jboss-jira] [JBoss JIRA] Commented: (SECURITY-225) LdapExtLoginModule does not populate user roles after BaseCertLoginModule
Marcus Moyses (JIRA)
jira-events at lists.jboss.org
Mon Jun 2 10:38:23 EDT 2008
[ http://jira.jboss.com/jira/browse/SECURITY-225?page=comments#action_12415168 ]
Marcus Moyses commented on SECURITY-225:
----------------------------------------
What happens is that LdapExtLoginModule populates the roles only when validatePassword(String, String) is called. With password-stacking this method is not called, therefore the getRolesSet() method returns no roles.
> LdapExtLoginModule does not populate user roles after BaseCertLoginModule
> -------------------------------------------------------------------------
>
> Key: SECURITY-225
> URL: http://jira.jboss.com/jira/browse/SECURITY-225
> Project: JBoss Security and Identity Management
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: JBossSX
> Affects Versions: 2.0.2.CR2
> Reporter: Anil Saldhana
> Assigned To: Marcus Moyses
> Fix For: 2.0.2.GA
>
>
> Marcus, do you want to take a look at this? Just scan the source of LdapExtLoginModule as a start.
> Please investigate if this is a bug. If yes, then we have to fix the 4.x branches also.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list