[jboss-jira] [JBoss JIRA] (SECURITY-772) SPNEGOLoginModule does not always respect removeRealmFromPrincipal
RH Bugzilla Integration (JIRA)
issues at jboss.org
Tue Mar 4 07:47:34 EST 2014
[ https://issues.jboss.org/browse/SECURITY-772?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12949742#comment-12949742 ]
RH Bugzilla Integration commented on SECURITY-772:
--------------------------------------------------
Filip Bogyai <fbogyai at redhat.com> changed the Status of [bug 1039955|https://bugzilla.redhat.com/show_bug.cgi?id=1039955] from ON_QA to VERIFIED
> SPNEGOLoginModule does not always respect removeRealmFromPrincipal
> ------------------------------------------------------------------
>
> Key: SECURITY-772
> URL: https://issues.jboss.org/browse/SECURITY-772
> Project: PicketBox
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: Negotiation
> Affects Versions: Negotiation_2_2_6
> Reporter: Tom Fonteyne
> Assignee: Tom Fonteyne
> Priority: Minor
> Fix For: Negotiation_2_2_7
>
>
> org.jboss.security.negotiation.spnego.SPNEGOLoginModule
> private class AcceptSecContext:
>     if (gssContext.isEstablished())
>     {
>         log.warn("Authentication was performed despite already being authenticated!");
>         // TODO - Refactor to only do this once.
>         setIdentity(new KerberosPrincipal(gssContext.getSrcName().toString()));
> The last line should obey the "removeRealmFromPrincipal" flag, in the same way as is done a bit further down:
>     setIdentity(createIdentity(gssContext.getSrcName().toString()));
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
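
An added illustration (not PicketBox code and not part of the original message) of why the two calls quoted above give different identities for the same user when removeRealmFromPrincipal is set. The helper names, the sample principal and the role map are hypothetical, and the realm stripping shown is an assumed stand-in for what createIdentity does.

```java
import java.util.Map;
import java.util.Set;
import javax.security.auth.kerberos.KerberosPrincipal;

public class RealmFlagDemo {
    // Stand-in for the login module option of the same name.
    static final boolean REMOVE_REALM_FROM_PRINCIPAL = true;

    // Hypothetical helper that honours the flag, as the report asks for.
    static String identityHonouringFlag(String srcName) {
        KerberosPrincipal kp = new KerberosPrincipal(srcName);
        String name = kp.getName();
        String suffix = "@" + kp.getRealm();
        if (REMOVE_REALM_FROM_PRINCIPAL && name.endsWith(suffix)) {
            return name.substring(0, name.length() - suffix.length());
        }
        return name;
    }

    // Mirrors the reported line: the Kerberos name is used as-is,
    // realm included, whatever the flag says.
    static String identityIgnoringFlag(String srcName) {
        return new KerberosPrincipal(srcName).getName();
    }

    public static void main(String[] args) {
        // Constructed sample data. Assumption: the deployment maps roles
        // by realm-less user name, which is why the flag was enabled.
        Map<String, Set<String>> roles = Map.of("alice", Set.of("admin"));
        String srcName = "alice@EXAMPLE.COM";

        String[] identities = {
            identityHonouringFlag(srcName),
            identityIgnoringFlag(srcName)
        };
        for (String id : identities) {
            // The second identity keeps its realm and misses the mapping.
            System.out.println(id + " -> " + roles.getOrDefault(id, Set.of()));
        }
    }
}
```

A test for the fixed module can assert that the identity name is the same whether or not the GSS context was already established when the login ran.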