[jboss-jira] [JBoss JIRA] (AS7-6159) UserPrincipal search in RemotingLoginModule seems to be broken
Josef Cacek (JIRA)
jira-events at lists.jboss.org
Thu Mar 7 08:07:42 EST 2013
[ https://issues.jboss.org/browse/AS7-6159?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Josef Cacek resolved AS7-6159.
------------------------------
Fix Version/s: 7.2.0.Alpha1
Resolution: Done
Fix version added.
> UserPrincipal search in RemotingLoginModule seems to be broken
> --------------------------------------------------------------
>
> Key: AS7-6159
> URL: https://issues.jboss.org/browse/AS7-6159
> Project: Application Server 7
> Issue Type: Bug
> Components: Security
> Affects Versions: 7.1.3.Final (EAP)
> Reporter: Josef Cacek
> Assignee: Josef Cacek
> Fix For: 7.2.0.Alpha1
>
>
> The code of UserPrincipal search in RemotingLoginModule seems to be invalid.
> There's
> {code}
> UserPrincipal up = null;
> for (Principal current : con.getPrincipals()) {
> if (current instanceof UserPrincipal) {
> up = (UserPrincipal) current;
> }
> break;
> }
> {code}
> but IMO, the correct code is:
> {code}
> UserPrincipal up = null;
> for (Principal current : con.getPrincipals()) {
> if (current instanceof UserPrincipal) {
> up = (UserPrincipal) current;
> break;
> }
> }
> {code}
> If the connection from RemotingContext contains more Principals, then only the first is checked. I.e. If the first Principal is not an UserPrincipal, then the RemotingLoginModule doesn't work.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list