[jboss-jira] [JBoss JIRA] (ELY-233) ServerAuthenticationContext callback handler special handling for AuthorizeCallback

Darran Lofthouse (JIRA) issues at jboss.org
Tue Aug 4 07:58:02 EDT 2015


     [ https://issues.jboss.org/browse/ELY-233?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Darran Lofthouse updated ELY-233:
---------------------------------
    Fix Version/s: 1.0.0.Alpha5


> ServerAuthenticationContext callback handler special handling for AuthorizeCallback
> -----------------------------------------------------------------------------------
>
>                 Key: ELY-233
>                 URL: https://issues.jboss.org/browse/ELY-233
>             Project: WildFly Elytron
>          Issue Type: Task
>          Components: API / SPI
>            Reporter: David Lloyd
>             Fix For: 1.0.0.Alpha5
>
>
> The ServerAuthenticationContext's callback handler implementation currently handles each callback in order.
> It should instead handle all callbacks in order *except* for the AuthorizeCallback, which it should handle last.  This will make it somewhat resilient against SASL server mechanisms (and other server mechanisms) which incorrectly send in the authorize callback before finishing authentication.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
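
The ordering change described in the issue, as an added example that is not part of the original message and is not WildFly Elytron's code: a wrapper (hypothetical `authorizeLast`) hands callbacks to a delegate in order but defers any AuthorizeCallback to the end. `ToyHandler` and the sample callbacks are constructed for illustration and use only the JDK's own callback classes.

```java
import java.io.IOException;
import java.util.*;
import javax.security.auth.callback.*;
import javax.security.sasl.AuthorizeCallback;

public class AuthorizeLastDemo {
    /** Hypothetical wrapper: same order as received, except AuthorizeCallback goes last. */
    static CallbackHandler authorizeLast(CallbackHandler delegate) {
        return callbacks -> {
            List<Callback> ordered = new ArrayList<>();
            List<Callback> deferred = new ArrayList<>();
            for (Callback cb : callbacks) {
                (cb instanceof AuthorizeCallback ? deferred : ordered).add(cb);
            }
            ordered.addAll(deferred);
            for (Callback cb : ordered) {
                delegate.handle(new Callback[] { cb });
            }
        };
    }

    /** Toy server-side handler (constructed): authorizes only an identity it has already seen. */
    static class ToyHandler implements CallbackHandler {
        private String establishedName; // null until the NameCallback has been handled

        public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) {
                    establishedName = ((NameCallback) cb).getDefaultName();
                } else if (cb instanceof AuthorizeCallback) {
                    AuthorizeCallback ac = (AuthorizeCallback) cb;
                    ac.setAuthorized(establishedName != null
                        && establishedName.equals(ac.getAuthenticationID())
                        && establishedName.equals(ac.getAuthorizationID()));
                } else {
                    throw new UnsupportedCallbackException(cb);
                }
            }
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed input: a mechanism that sends AuthorizeCallback before the name.
        AuthorizeCallback inOrder = new AuthorizeCallback("alice", "alice");
        new ToyHandler().handle(new Callback[] { inOrder, new NameCallback("name", "alice") });
        AuthorizeCallback deferred = new AuthorizeCallback("alice", "alice");
        authorizeLast(new ToyHandler()).handle(new Callback[] { deferred, new NameCallback("name", "alice") });
        System.out.println("handled in order: authorized=" + inOrder.isAuthorized());
        System.out.println("authorize last:   authorized=" + deferred.isAuthorized());
    }
}
```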

