[jboss-jira] [JBoss JIRA] Created: (SECURITY-126) Review username used in SPNEGOAuthenticator
Darran Lofthouse (JIRA)
jira-events at lists.jboss.org
Wed Mar 5 09:29:57 EST 2008
Review username used in SPNEGOAuthenticator
-------------------------------------------
Key: SECURITY-126
URL: http://jira.jboss.com/jira/browse/SECURITY-126
Project: JBoss Security and Identity Management
Issue Type: Task
Security Level: Public (Everyone can see)
Components: Negotiation
Reporter: Darran Lofthouse
Assigned To: Darran Lofthouse
The SPNEGOAuthenticator needs a username in order to be able to call 'authenticate', this username is also used as a unique identifier in the cache.
At the moment the session ID for the web application is used.
This is unique for the set of current sessions.
May cause issues if the ID was to be reused.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list