[jboss-jira] [JBoss JIRA] (SECURITY-747) SubjectInfo.getRoles is null with cached credentials in SPNEGO
RH Bugzilla Integration (JIRA)
jira-events at lists.jboss.org
Wed Aug 14 09:17:27 EDT 2013
[ https://issues.jboss.org/browse/SECURITY-747?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12796793#comment-12796793 ]
RH Bugzilla Integration commented on SECURITY-747:
--------------------------------------------------
Chris Dolphy <cdolphy at redhat.com> made a comment on [bug 997003|https://bugzilla.redhat.com/show_bug.cgi?id=997003]
Description of problem:
SecurityContextAssociation.getSecurityContext().getSubjectInfo().getRoles() returns the user's roles on the initial login, but if you refresh you get null. All subsequent calls will return null.
Version-Release number of selected component (if applicable):
EAP 6.1 with SPNEGO setup with KERBEROS
How reproducible:
The JBoss Negotiation Toolkit (2.2.5)'s 3rd test uses this, so it can be reproduced easily
Steps to Reproduce:
1. set up a SPNEGO environment with a KDC, JBoss with SPNEGO configured in the security module and a browser configured to do Kerberos negotiation
2. install JBoss Negotiation Toolkit 2.2.5
3. log in
4. navigate to the 3rd test (which succeeds)
5. refresh and get a NullPointerException on subjectinfo.getRoles().getRoles()
Actual results:
SecurityContextAssociation.getSecurityContext().getSubjectInfo().getRoles() returns null, which results in a NullPointerException with the JBoss Negotiation Toolkit.
Expected results:
SecurityContextAssociation.getSecurityContext().getSubjectInfo().getRoles() returns user's roles.
Additional info:
> SubjectInfo.getRoles is null with cached credentials in SPNEGO
> --------------------------------------------------------------
>
> Key: SECURITY-747
> URL: https://issues.jboss.org/browse/SECURITY-747
> Project: PicketBox
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: Negotiation
> Environment: EAP 6.1
> SPNEGO setup with KERBEROS
> Reporter: Chris Dolphy
> Assignee: Darran Lofthouse
>
> SecurityContextAssociation.getSecurityContext().getSubjectInfo().getRoles() returns the user's roles on the initial login, but if you refresh you get null. All subsequent calls will return null.
> I'm using the 3rd test in JBoss Negotiation Toolkit. If you refresh after logging in, you get a NullPointerException.
> It appears that with Basic authentication, JBossWebRealm.authenticate calls JBossAuthenticationManager.getSubjectRoles, which sets the roles on the SubjectInfo. However, with SPNEGO (NegotiationAuthenticator) JBossWebRealm.authenticate is not called on subsequent requests due to request.getUserPrincipal() being set, so the roles are never set on SubjectInfo. However, the role information is in SubjectInfo as a principal.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira