[jboss-jira] [JBoss JIRA] (SECURITY-747) SubjectInfo.getRoles is null with cached credentials in SPNEGO
RH Bugzilla Integration (JIRA)
jira-events at lists.jboss.org
Wed Aug 14 09:17:26 EDT 2013
[ https://issues.jboss.org/browse/SECURITY-747?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
RH Bugzilla Integration updated SECURITY-747:
---------------------------------------------
Bugzilla Update: Perform
Bugzilla References: https://bugzilla.redhat.com/show_bug.cgi?id=997003
> SubjectInfo.getRoles is null with cached credentials in SPNEGO
> --------------------------------------------------------------
>
> Key: SECURITY-747
> URL: https://issues.jboss.org/browse/SECURITY-747
> Project: PicketBox
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: Negotiation
> Environment: EAP 6.1
> SPNEGO setup with KERBEROS
> Reporter: Chris Dolphy
> Assignee: Darran Lofthouse
>
> SecurityContextAssociation.getSecurityContext().getSubjectInfo().getRoles() returns the user's roles on the initial login, but if you refresh you get null. All subsequent calls will return null.
> I'm using the 3rd test in JBoss Negotiation Toolkit. If you refresh after logging in, you get a NullPointerException.
> It appears that with Basic authentication, JBossWebRealm.authenticate calls JBossAuthenticationManager.getSubjectRoles, which sets the roles on the SubjectInfo. However, with SPNEGO (NegotiationAuthenticator) JBossWebRealm.authenticate is not called on subsequent requests due to request.getUserPrincipal() being set, so the roles are never set on SubjectInfo. However, the role information is in SubjectInfo as a principal.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira