[jboss-jira] [JBoss JIRA] Updated: (SECURITY-126) Review username used in SPNEGOAuthenticator
Darran Lofthouse (JIRA)
jira-events at lists.jboss.org
Thu May 15 18:43:23 EDT 2008
[ http://jira.jboss.com/jira/browse/SECURITY-126?page=all ]
Darran Lofthouse updated SECURITY-126:
--------------------------------------
Fix Version/s: 2.0.3.Beta2
> Review username used in SPNEGOAuthenticator
> -------------------------------------------
>
> Key: SECURITY-126
> URL: http://jira.jboss.com/jira/browse/SECURITY-126
> Project: JBoss Security and Identity Management
> Issue Type: Task
> Security Level: Public(Everyone can see)
> Components: Negotiation
> Reporter: Darran Lofthouse
> Assigned To: Darran Lofthouse
> Fix For: 2.0.3.Beta2
>
>
> The SPNEGOAuthenticator needs a username in order to be able to call 'authenticate', this username is also used as a unique identifier in the cache.
> At the moment the session ID for the web application is used.
> This is unique for the set of current sessions.
> May cause issues if the ID was to be reused.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list