[jboss-jira] [JBoss JIRA] Commented: (SECURITY-415) ClientLoginModule multi-threaded=false should make SecurityContext client side association

Stefan Guilhen (JIRA) jira-events at lists.jboss.org
Wed Jul 1 13:19:51 EDT 2009


    [ https://jira.jboss.org/jira/browse/SECURITY-415?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12474498#action_12474498 ] 

Stefan Guilhen commented on SECURITY-415:
-----------------------------------------

Another possibility is to forbid the use of ClientLoginModule on the server side, as one could easily do SecurityClientFactory.getSecurityClient().performSimpleLogin() to change his security context information. The drawback here is that we would have to clearly document this and it would break applications that currently use the ClientLoginModule on the server side.

> ClientLoginModule multi-threaded=false should make SecurityContext client side association
> ------------------------------------------------------------------------------------------
>
>                 Key: SECURITY-415
>                 URL: https://jira.jboss.org/jira/browse/SECURITY-415
>             Project: JBoss Security and Identity Management
>          Issue Type: Bug
>      Security Level: Public(Everyone can see) 
>          Components: JBossSX
>    Affects Versions: JBossSecurity_2.0.3.SP1
>            Reporter: Anil Saldhana
>            Assignee: Anil Saldhana
>             Fix For: JBossSecurity_2.0.3.SP2
>
>
> The ClientLoginModule multi-threaded=false option when missing, should set SecurityContextAssociation.setClient()


        


