[jboss-jira] [JBoss JIRA] Moved: (JBAS-7698) Principal information used to check web security constraints should be read from Subject

[Remy Maucherat (JIRA)]

     [ https://jira.jboss.org/jira/browse/JBAS-7698?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Remy Maucherat moved JBWEB-137 to JBAS-7698:
--------------------------------------------

              Project: JBoss Application Server  (was: JBoss Web)
                  Key: JBAS-7698  (was: JBWEB-137)
          Component/s: Security
                           (was: Core)
    Affects Version/s:     (was: JBossWeb-2.1.0.GA)


> Principal information used to check web security constraints should be read from Subject
> ----------------------------------------------------------------------------------------
>
>                 Key: JBAS-7698
>                 URL: https://jira.jboss.org/jira/browse/JBAS-7698
>             Project: JBoss Application Server
>          Issue Type: Feature Request
>      Security Level: Public(Everyone can see) 
>          Components: Security
>         Environment: RHEL, JDK6u12, JBossAS 5.0.1
>            Reporter: eugene75
>            Assignee: Remy Maucherat
>            Priority: Minor
>
> The JBossGenericPrincipal instance constructed and cached by JBossWebRealm.authenticate() creates a copy of Subject caller principal, roles, password.  Therefore any modifications to the subject during the user's session and not propagated to the JBossGenericPrincipal.  It would be preferable if the data returned by JBossGenericPrincipal came directly from the Subject object itself.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira