[jboss-jira] [JBoss JIRA] (SECURITY-772) SPNEGOLoginModule does not always respect removeRealmFromPrincipal
RH Bugzilla Integration (JIRA)
issues at jboss.org
Mon Feb 3 11:08:29 EST 2014
[ https://issues.jboss.org/browse/SECURITY-772?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12940857#comment-12940857 ]
RH Bugzilla Integration commented on SECURITY-772:
--------------------------------------------------
Darran Lofthouse <darran.lofthouse at redhat.com> changed the Status of [bug 1039955|https://bugzilla.redhat.com/show_bug.cgi?id=1039955] from NEW to ASSIGNED
> SPNEGOLoginModule does not always respect removeRealmFromPrincipal
> ------------------------------------------------------------------
>
> Key: SECURITY-772
> URL: https://issues.jboss.org/browse/SECURITY-772
> Project: PicketBox
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: Negotiation
> Affects Versions: Negotiation_2_2_6
> Reporter: Tom Fonteyne
> Assignee: Tom Fonteyne
> Priority: Minor
> Fix For: Negotiation_2_2_7
>
>
> org.jboss.security.negotiation.spnego.SPNEGOLoginModule
> private class AcceptSecContext:
>
>     if (gssContext.isEstablished())
>     {
>         log.warn("Authentication was performed despite already being authenticated!");
>         // TODO - Refactor to only do this once.
>         setIdentity(new KerberosPrincipal(gssContext.getSrcName().toString()));
>
> The last line should obey the "removeRealmFromPrincipal" flag, in the same way as a bit further down:
>
>     setIdentity(createIdentity(gssContext.getSrcName().toString()));
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
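
The effect of the two code paths named in the report, as an added illustration that is not PicketBox code: one path honours a realm-stripping flag and the other always keeps the realm, so the same caller ends up with two different identity names. The class `RealmFlagDemo`, the helpers `flagAware` and `flagIgnoring`, the `SimplePrincipal` type, the sample principal and the role table are all hypothetical; the real `createIdentity` may differ in detail.

```java
import java.security.Principal;
import java.util.Map;
import java.util.Set;
import javax.security.auth.kerberos.KerberosPrincipal;

public class RealmFlagDemo {
    // Stand-in for the login module option discussed in the report (assumed semantics).
    static final boolean REMOVE_REALM_FROM_PRINCIPAL = true;

    // Minimal realm-less principal; hypothetical, used only for this demo.
    static final class SimplePrincipal implements Principal {
        private final String name;
        SimplePrincipal(String name) { this.name = name; }
        @Override public String getName() { return name; }
    }

    // Path that honours the flag: strip everything from the last '@' onward.
    static Principal flagAware(String gssName) {
        if (REMOVE_REALM_FROM_PRINCIPAL) {
            int at = gssName.lastIndexOf('@');
            if (at > 0) {
                return new SimplePrincipal(gssName.substring(0, at));
            }
        }
        return new KerberosPrincipal(gssName);
    }

    // Path shaped like the reported line: the realm is always kept.
    static Principal flagIgnoring(String gssName) {
        return new KerberosPrincipal(gssName);
    }

    // Role lookup keyed by identity name, as a realm-less deployment would configure it.
    static Set<String> rolesFor(Principal p, Map<String, Set<String>> table) {
        return table.getOrDefault(p.getName(), Set.of());
    }

    public static void main(String[] args) {
        String gssName = "alice@EXAMPLE.COM";                  // constructed sample
        Map<String, Set<String>> roleTable =
                Map.of("alice", Set.of("app-user"));           // constructed sample

        for (Principal p : new Principal[] { flagAware(gssName), flagIgnoring(gssName) }) {
            System.out.println(p.getName() + " -> roles " + rolesFor(p, roleTable));
        }
    }
}
```

Anything keyed on the principal name (role mappings, audit records, session lookups) sees a different user depending on which path set the identity, which is why both paths need to go through the same flag-aware helper.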