[jboss-jira] [JBoss JIRA] (ELY-913) Incorrect username is passed to principal when principal-transformers are enabled

Ondrej Lukas (JIRA) issues at jboss.org
Fri Feb 3 07:37:00 EST 2017


     [ https://issues.jboss.org/browse/ELY-913?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ondrej Lukas closed ELY-913.
----------------------------
    Resolution: Rejected


Ok, I understand it now. Thanks for the clarification. I am closing this issue since this is not a bug.

> Incorrect username is passed to principal when principal-transformers are enabled
> ---------------------------------------------------------------------------------
>
>                 Key: ELY-913
>                 URL: https://issues.jboss.org/browse/ELY-913
>             Project: WildFly Elytron
>          Issue Type: Bug
>    Affects Versions: 1.1.0.Beta21
>            Reporter: Ondrej Lukas
>            Assignee: Darran Lofthouse
>            Priority: Critical
>
> When principal-transformers are used to transform the principal in a security domain, the final username which is used for authentication and later for authorization is: input_username transformed by pre-realm-principal-transformer, post-realm-principal-transformer and realm principal-transformer. However, the Principal assigned to SecurityIdentity uses only the name input_username transformed by pre-realm-principal-transformer.
> It seems it is caused by passing {{preRealmPrincipal}} as the fourth parameter in https://github.com/wildfly-security/wildfly-elytron/blob/7b5c89c437d27fec60ec441986b5f830bb111283/src/main/java/org/wildfly/security/auth/server/ServerAuthenticationContext.java#L1011
> The value of SecurityIdentity.getPrincipal() can be seen when trace logging is enabled, due to https://github.com/wildfly-security/wildfly-elytron/blob/7b5c89c437d27fec60ec441986b5f830bb111283/src/main/java/org/wildfly/security/auth/server/SecurityDomain.java#L451
> Since it seems there is currently no documentation related to this topic, I cannot say whether it is a real bug. [~dlofthouse] could you please provide some clarification?
> Log (see Steps to Reproduce for more details about configuration):
> {code}
> TRACE [org.wildfly.security] (default task-3) Principal assigning: [user], pre-realm rewritten: [user1], realm name: [ApplicationRealm], post realm rewritten: [user12], realm rewritten: [user123]
> TRACE [org.wildfly.security] (default task-3) Attempting to authenticate account user123 using LegacyPropertiesSecurityRealm.
> ...
> TRACE [org.wildfly.security] (default task-3) Role mapping: principal [user1] -> decoded roles [JBossAdmin] -> realm mapped roles [JBossAdmin] -> domain mapped roles [JBossAdmin]
> {code}
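
An added example, not part of the original message or of Elytron's code: a small Python parser for the three trace lines quoted in the report, which lines up the name produced at each rewriting stage with the account passed to the realm and the principal used in role mapping. It assumes the log holds a single authentication attempt in exactly the format quoted above; the function names are illustrative.

```python
import re

# Trace lines copied from the report quoted above (the elided "..." line is left out).
SAMPLE_LOG = """\
TRACE [org.wildfly.security] (default task-3) Principal assigning: [user], pre-realm rewritten: [user1], realm name: [ApplicationRealm], post realm rewritten: [user12], realm rewritten: [user123]
TRACE [org.wildfly.security] (default task-3) Attempting to authenticate account user123 using LegacyPropertiesSecurityRealm.
TRACE [org.wildfly.security] (default task-3) Role mapping: principal [user1] -> decoded roles [JBossAdmin] -> realm mapped roles [JBossAdmin] -> domain mapped roles [JBossAdmin]
"""

# One pattern per trace message; group names are labels chosen for this example.
ASSIGN = re.compile(
    r"Principal assigning: \[(?P<input>[^\]]*)\], "
    r"pre-realm rewritten: \[(?P<pre_realm>[^\]]*)\], "
    r"realm name: \[(?P<realm>[^\]]*)\], "
    r"post realm rewritten: \[(?P<post_realm>[^\]]*)\], "
    r"realm rewritten: \[(?P<realm_rewritten>[^\]]*)\]"
)
AUTH = re.compile(r"Attempting to authenticate account (?P<account>\S+) using (?P<realm_type>\w+)")
ROLES = re.compile(r"Role mapping: principal \[(?P<principal>[^\]]*)\]")


def trace_names(log_text):
    """Collect the name seen at each stage of one authentication attempt."""
    names = {}
    for line in log_text.splitlines():
        for pattern in (ASSIGN, AUTH, ROLES):
            m = pattern.search(line)
            if m:
                names.update(m.groupdict())
    return names


def identity_stage(names):
    """Return the rewriting stage(s) whose output equals the role-mapping principal."""
    stages = ("input", "pre_realm", "post_realm", "realm_rewritten")
    return [s for s in stages if names.get(s) == names.get("principal")]


if __name__ == "__main__":
    names = trace_names(SAMPLE_LOG)
    for key in ("input", "pre_realm", "post_realm", "realm_rewritten", "account", "principal"):
        print(f"{key:16} {names.get(key)}")
    print("role-mapping principal matches stage:", identity_stage(names))
```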


