[jboss-jira] [JBoss JIRA] Commented: (SECURITY-255) IdentityLoginModule Incomplete password-stacking useFirstPass implementation
Darran Lofthouse (JIRA)
jira-events at lists.jboss.org
Thu Jun 18 06:54:56 EDT 2009
[ https://jira.jboss.org/jira/browse/SECURITY-255?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12472705#action_12472705 ]
Darran Lofthouse commented on SECURITY-255:
-------------------------------------------
The following class is a modification I needed to use to get this to work: -
https://svn.jboss.org/repos/jbossas/projects/security/security-negotiation/branches/SECURITY-141/jboss-negotiation-extras/src/main/java/org/jboss/security/negotiation/spnego/IdentityLoginModule.java
> IdentityLoginModule Incomplete password-stacking useFirstPass implementation
> ----------------------------------------------------------------------------
>
> Key: SECURITY-255
> URL: https://jira.jboss.org/jira/browse/SECURITY-255
> Project: JBoss Security and Identity Management
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: JBossSX
> Affects Versions: 2.0.2.CR6
> Reporter: Darran Lofthouse
> Assignee: Anil Saldhana
> Fix For: JBossSecurity_2.0.4
>
>
> The IdentityLoginModule has got an incomplete useFirstPass implementation.
> The login() method does start with: -
> if( super.login() == true )
> return true;
> To skip login if useFirstPass is set and authentication has already occurred.
> However at the end of login() setting the principal in the shared state map should only happen if useFirstPass was set.
> Also for this to work a credential also needs to be stored in the sharedStateMap otherwise other modules will assume authentication has not occurred.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list