[jboss-jira] [JBoss JIRA] (SECURITY-905) Add protection of our GSSCredential added by the KerberosLoginModule
Darran Lofthouse (JIRA)
issues at jboss.org
Fri Aug 21 11:42:27 EDT 2015
Darran Lofthouse created SECURITY-905:
-----------------------------------------
Summary: Add protection of our GSSCredential added by the KerberosLoginModule
Key: SECURITY-905
URL: https://issues.jboss.org/browse/SECURITY-905
Project: PicketBox
Issue Type: Task
Components: Negotiation
Reporter: Darran Lofthouse
Assignee: Darran Lofthouse
Fix For: Negotiation_2_3_8_Beta1
GSSManager implementation can have an optimisation that attempts to obtain the GSSCredential from the private credentials in the Subject. In some situations, such as JDBC drivers, this can mean that a driver gets direct access to the credential we are supposed to be managing the lifecycle of.
The optimisation is based on checking if it is an instance of GSSCredentialImpl - if not then GSSManager creates a new instance.
This Jira issue is to wrap the instance we place in the Subject to prevent the optimisation kicking in. This then means code using the credential, such as a JDBC driver, is free to do what it wants with its own credential without impacting on ours.