[jboss-jira] [JBoss JIRA] (WFCORE-2547) Revisit the meaning of aggregate-principal-transformer

Jan Kalina (JIRA) issues at jboss.org
Sat Apr 29 05:56:00 EDT 2017 

     [ https://issues.jboss.org/browse/WFCORE-2547?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jan Kalina updated WFCORE-2547:
-------------------------------
    Priority: Blocker  (was: Critical)


> Revisit the meaning of aggregate-principal-transformer
> ------------------------------------------------------
>
>                 Key: WFCORE-2547
>                 URL: https://issues.jboss.org/browse/WFCORE-2547
>             Project: WildFly Core
>          Issue Type: Bug
>          Components: Security
>            Reporter: Ondrej Lukas
>            Assignee: Darran Lofthouse
>            Priority: Blocker
>              Labels: principal-transformer
>
> Meaning of Elytron {{aggregate-principal-transformer}} should be revised. Also one point about {{regex-validating-principal-transformer}} is included since it seems its use cases are related to aggregate-principal-transformer. See:
> * It seems that it works like "It iterates through assigned Principal Transformers and returns the first non-null transformed Principal" - is it correct and intended behaviour? Is "aggregate-principal-transformer" appropriate name for transformer which works like that?
> * What is the use case for regex-validating-principal-transformer. This transformer just checks some pattern and if it does not match then it rewrites Principal name to null. I think it can be useful in aggregate-principal-transformer, when it can check that name matches some pattern in first transformer (regex-validating-principal-transformer) and then transforms principal in another transformer (e.g. constant-principal-transformer). Is there any other use case?
> * When can aggregate-principal-transformer return any other Principal Transformer than first of the list? I think only user implemented custom-principal-transformer can currently return null (which enable iterating to another principal transformer in the list). Also regex-validating-principal-transformer can be used for returning non-first transformer, as I mentioned in previous point. Is there any real scenario when aggregate-principal-transformer can be used?
> This issue is reported based on previous discussion with engineering.



--
This message was sent by Atlassian JIRA
(v7.2.3#72005)

More information about the jboss-jira mailing list