[jboss-jira] [JBoss JIRA] (SECURITY-905) Add protection of our GSSCredential added by the KerberosLoginModule
Darran Lofthouse (JIRA)
issues at jboss.org
Fri Aug 21 11:48:26 EDT 2015
[ https://issues.jboss.org/browse/SECURITY-905?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Darran Lofthouse resolved SECURITY-905.
---------------------------------------
Resolution: Done
> Add protection of our GSSCredential added by the KerberosLoginModule
> --------------------------------------------------------------------
>
> Key: SECURITY-905
> URL: https://issues.jboss.org/browse/SECURITY-905
> Project: PicketBox
> Issue Type: Task
> Components: Negotiation
> Reporter: Darran Lofthouse
> Assignee: Darran Lofthouse
> Fix For: Negotiation_2_3_8_Beta1
>
>
> GSSManager implementation can have an optimisation that attempts to obtain the GSSCredential from the private credentials in the Subject. In some situations, such as JDBC drivers, this can mean that a driver gets direct access to the credential we are supposed to be managing the lifecycle of.
> The optimisation is based on checking if it is an instance of GSSCredentialImpl - if not then GSSManager creates a new instance.
> This Jira issue is to wrap the instance we place in the Subject to prevent the optimisation kicking in. This then means code using the credential, such as a JDBC driver, is free to do what it wants with its own credential without impacting on ours.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
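
An added example of the wrapping described in the issue, not PicketBox Negotiation's own code: a delegating `GSSCredential` that is not a `GSSCredentialImpl`, so the instance check fails. The class name `WrappedGSSCredential` and the helper `addTo` are hypothetical, and delegating every call, `dispose()` included, is an assumption.

```java
import java.util.Objects;
import javax.security.auth.Subject;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.Oid;

// Hypothetical class name; not the class shipped by PicketBox Negotiation.
public final class WrappedGSSCredential implements GSSCredential {

    // The credential whose lifecycle the login module manages.
    private final GSSCredential delegate;

    public WrappedGSSCredential(GSSCredential delegate) {
        this.delegate = Objects.requireNonNull(delegate, "delegate");
    }

    // Hypothetical helper: place only the wrapper in the Subject. It implements
    // GSSCredential but is not an instance of GSSCredentialImpl, so the check
    // described in the issue fails and GSSManager creates a new credential
    // for the caller (for example a JDBC driver).
    public static void addTo(Subject subject, GSSCredential managed) {
        subject.getPrivateCredentials().add(new WrappedGSSCredential(managed));
    }

    // Assumption: every operation is passed straight to the wrapped credential.
    @Override public void dispose() throws GSSException { delegate.dispose(); }
    @Override public GSSName getName() throws GSSException { return delegate.getName(); }
    @Override public GSSName getName(Oid mech) throws GSSException { return delegate.getName(mech); }
    @Override public int getRemainingLifetime() throws GSSException { return delegate.getRemainingLifetime(); }
    @Override public int getRemainingInitLifetime(Oid mech) throws GSSException {
        return delegate.getRemainingInitLifetime(mech);
    }
    @Override public int getRemainingAcceptLifetime(Oid mech) throws GSSException {
        return delegate.getRemainingAcceptLifetime(mech);
    }
    @Override public int getUsage() throws GSSException { return delegate.getUsage(); }
    @Override public int getUsage(Oid mech) throws GSSException { return delegate.getUsage(mech); }
    @Override public Oid[] getMechs() throws GSSException { return delegate.getMechs(); }
    @Override public void add(GSSName name, int initLifetime, int acceptLifetime, Oid mech, int usage)
            throws GSSException {
        delegate.add(name, initLifetime, acceptLifetime, mech, usage);
    }
    // Two wrappers are equal when they wrap equal credentials.
    @Override public boolean equals(Object other) {
        return other instanceof WrappedGSSCredential
                && delegate.equals(((WrappedGSSCredential) other).delegate);
    }
    @Override public int hashCode() { return delegate.hashCode(); }
}
```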