[jboss-jira] [JBoss JIRA] Resolved: (SECURITY-433) Calls to getCallerPrincipal() return session ID
Darran Lofthouse (JIRA)
jira-events at lists.jboss.org
Wed Oct 27 07:05:54 EDT 2010
[ https://jira.jboss.org/browse/SECURITY-433?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Darran Lofthouse resolved SECURITY-433.
---------------------------------------
Fix Version/s: (was: Negotiation_2.0.3.SP4 )
Resolution: Rejected
The option to remove the realm has already been implemented under SECURITY-476.
The call to getCallerPrincipal() does return the correct value, it was only the internal APIs returning the session ID which is the internal representation of the authentication.
> Calls to getCallerPrincipal() return session ID
> -----------------------------------------------
>
> Key: SECURITY-433
> URL: https://jira.jboss.org/browse/SECURITY-433
> Project: PicketBox (JBoss Security and Identity Management)
> Issue Type: Task
> Security Level: Public(Everyone can see)
> Components: Negotiation
> Affects Versions: Negotiation_2.0.3.SP1
> Reporter: Darran Lofthouse
> Assignee: Darran Lofthouse
>
> After SPNEGO based authentication the caller principal is the session ID - it should be possible to switch this to the name of the authenticated user.
> Also add an option to either return the full principal name or remove the realm.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list