[jboss-jira] [JBoss JIRA] (SECURITY-747) SubjectInfo.getRoles is null with cached credentials in SPNEGO

Chris Dolphy (JIRA) jira-events at lists.jboss.org
Wed Aug 14 09:07:26 EDT 2013


Chris Dolphy created SECURITY-747:
-------------------------------------

             Summary: SubjectInfo.getRoles is null with cached credentials in SPNEGO
                 Key: SECURITY-747
                 URL: https://issues.jboss.org/browse/SECURITY-747
             Project: PicketBox 
          Issue Type: Bug
      Security Level: Public (Everyone can see)
          Components: Negotiation
         Environment: EAP 6.1
SPNEGO setup with KERBEROS
            Reporter: Chris Dolphy
            Assignee: Darran Lofthouse


SecurityContextAssociation.getSecurityContext().getSubjectInfo().getRoles() returns the user's roles on the initial login, but if you refresh you get null.  All subsequent calls will return null.

I'm using the 3rd test in JBoss Negotiation Toolkit.  If you refresh after logging in, you get a NullPointerException.

It appears that with Basic authentication, JBossWebRealm.authenticate calls JBossAuthenticationManager.getSubjectRoles, which sets the roles on the SubjectInfo.  However, with SPNEGO (NegotiationAuthenticator) JBossWebRealm.authenticate is not called on subsequent requests due to request.getUserPrincipal() being set, so the roles are never set on SubjectInfo.  However, the role information is in SubjectInfo as a principal.




