[jboss-jira] [JBoss JIRA] Resolved: (SECURITY-126) Review username used in SPNEGOAuthenticator
Darran Lofthouse (JIRA)
jira-events at lists.jboss.org
Tue Jan 27 12:28:44 EST 2009
[ https://jira.jboss.org/jira/browse/SECURITY-126?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Darran Lofthouse resolved SECURITY-126.
---------------------------------------
Resolution: Rejected
Will re-open if issues identified, so far this approach is working.
> Review username used in SPNEGOAuthenticator
> -------------------------------------------
>
> Key: SECURITY-126
> URL: https://jira.jboss.org/jira/browse/SECURITY-126
> Project: JBoss Security and Identity Management
> Issue Type: Task
> Security Level: Public(Everyone can see)
> Components: Negotiation
> Reporter: Darran Lofthouse
> Assignee: Darran Lofthouse
>
> The SPNEGOAuthenticator needs a username in order to be able to call 'authenticate', this username is also used as a unique identifier in the cache.
> At the moment the session ID for the web application is used.
> This is unique for the set of current sessions.
> May cause issues if the ID was to be reused.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list