[jboss-jira] [JBoss JIRA] (SECURITY-747) SubjectInfo.getRoles is null with cached credentials in SPNEGO

RH Bugzilla Integration (JIRA) issues at jboss.org
Tue Jul 22 09:19:30 EDT 2014


    [ https://issues.jboss.org/browse/SECURITY-747?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12987072#comment-12987072 ] 

RH Bugzilla Integration commented on SECURITY-747:
--------------------------------------------------

Darran Lofthouse <darran.lofthouse at redhat.com> changed the Status of [bug 997003|https://bugzilla.redhat.com/show_bug.cgi?id=997003] from NEW to CLOSED

> SubjectInfo.getRoles is null with cached credentials in SPNEGO
> --------------------------------------------------------------
>
>                 Key: SECURITY-747
>                 URL: https://issues.jboss.org/browse/SECURITY-747
>             Project: PicketBox 
>          Issue Type: Bug
>      Security Level: Public(Everyone can see) 
>          Components: Negotiation
>         Environment: EAP 6.1
> SPNEGO setup with KERBEROS
>            Reporter: Chris Dolphy
>            Assignee: Darran Lofthouse
>
> SecurityContextAssociation.getSecurityContext().getSubjectInfo().getRoles() returns the user's roles on the initial login, but if you refresh you get null. All subsequent calls will return null.
> I'm using the 3rd test in JBoss Negotiation Toolkit. If you refresh after logging in, you get a NullPointerException.
> It appears that with Basic authentication, JBossWebRealm.authenticate calls JBossAuthenticationManager.getSubjectRoles, which sets the roles on the SubjectInfo. However, with SPNEGO (NegotiationAuthenticator) JBossWebRealm.authenticate is not called on subsequent requests due to request.getUserPrincipal() being set, so the roles are never set on SubjectInfo. However, the role information is in SubjectInfo as a principal.



--
This message was sent by Atlassian JIRA
(v6.2.6#6264)