[jboss-jira] [JBoss JIRA] (ELY-90) DigestMD is missing permission check to use authorisation id

David Lloyd (JIRA) issues at jboss.org
Wed Dec 10 13:23:39 EST 2014


    [ https://issues.jboss.org/browse/ELY-90?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13026833#comment-13026833 ] 

David Lloyd commented on ELY-90:
--------------------------------

I was thinking about this for the EXTERNAL mechanism and I came to the conclusion that it is the responsibility of the CallbackHandler implementation to do this check.  This allows us to plug in authorization strategies, if necessary, which could be useful.

> DigestMD is missing permission check to use authorisation id
> ------------------------------------------------------------
>
>                 Key: ELY-90
>                 URL: https://issues.jboss.org/browse/ELY-90
>             Project: WildFly Elytron
>          Issue Type: Bug
>            Reporter: Peter Skopek
>            Assignee: Peter Skopek
>
> DigestMD is missing permission check to use authorisation id.
> See CompatibilityServerTest:ignored test testUnauthorizedAuthorizationId.



--
This message was sent by Atlassian JIRA
(v6.3.8#6338)
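
The design described in the comment above, as an added example that is not part of the original message and is not WildFly Elytron code: a `CallbackHandler` that decides through a pluggable strategy whether an authentication id may use a requested authorization id, using the standard JDK `javax.security.sasl.AuthorizeCallback`. The class name `AuthzCheckingHandler`, the `BiPredicate` strategy shape, and the sample policy and user names are assumptions made for illustration.

```java
import java.util.Map;
import java.util.Set;
import java.util.function.BiPredicate;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.sasl.AuthorizeCallback;

// Hypothetical handler: the authorization-id check lives here, not in the mechanism.
public class AuthzCheckingHandler implements CallbackHandler {
    // Pluggable strategy: (authenticationId, authorizationId) -> allowed?
    private final BiPredicate<String, String> strategy;

    public AuthzCheckingHandler(BiPredicate<String, String> strategy) {
        this.strategy = strategy;
    }

    @Override
    public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
        for (Callback cb : callbacks) {
            if (cb instanceof AuthorizeCallback) {
                AuthorizeCallback ac = (AuthorizeCallback) cb;
                String authcid = ac.getAuthenticationID();
                String authzid = ac.getAuthorizationID();
                // Default deny: only the strategy can grant use of the requested id.
                boolean ok = authcid != null && authzid != null
                        && strategy.test(authcid, authzid);
                ac.setAuthorized(ok);
            } else {
                // Name/password/realm callbacks are out of scope for this example.
                throw new UnsupportedCallbackException(cb);
            }
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample policy: "admin" may act as "batch"; anyone may act as themselves.
        Map<String, Set<String>> mayActAs = Map.of("admin", Set.of("batch"));
        BiPredicate<String, String> policy = (authcid, authzid) ->
                authcid.equals(authzid)
                || mayActAs.getOrDefault(authcid, Set.of()).contains(authzid);
        CallbackHandler handler = new AuthzCheckingHandler(policy);

        // Constructed test pairs: {authentication id, requested authorization id}.
        String[][] cases = { {"alice", "alice"}, {"admin", "batch"}, {"alice", "admin"} };
        for (String[] c : cases) {
            AuthorizeCallback ac = new AuthorizeCallback(c[0], c[1]);
            handler.handle(new Callback[] { ac });
            System.out.println(c[0] + " as " + c[1] + " -> " + ac.isAuthorized());
        }
    }
}
```

A server-side mechanism that relies on this design must treat a callback left unauthorized as an authentication failure; the handler only records the decision.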

