[jboss-jira] [JBoss JIRA] (WFLY-8997) @RunAsIdentity should cause authentication part to be skipped

Jörg Bäsner (JIRA) issues at jboss.org
Tue Jul 11 09:59:00 EDT 2017


     [ https://issues.jboss.org/browse/WFLY-8997?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jörg Bäsner reassigned WFLY-8997:
---------------------------------

    Assignee: Stefan Guilhen


> @RunAsIdentity should cause authentication part to be skipped
> -------------------------------------------------------------
>
>                 Key: WFLY-8997
>                 URL: https://issues.jboss.org/browse/WFLY-8997
>             Project: WildFly
>          Issue Type: Bug
>          Components: Security
>    Affects Versions: 11.0.0.Alpha1
>            Reporter: Jörg Bäsner
>            Assignee: Stefan Guilhen
>
> The issue [WFLY-140|https://issues.jboss.org/browse/WFLY-140] introduced a change in behavior.
> Before this change, the SecurityContextInterceptor would just invoke the push() method on SimpleSecurityManager, and that method would internally create a new security context and authenticate the incoming principal if needed. In that implementation the presence of a RunAsIdentity would cause the authentication part to be skipped.
> With the changes in the above issue, the security context establishment and the authentication parts were separated, and while push() still checks for a RunAsIdentity, the authenticate() implementation does not, which ends up triggering the authentication process even if a RunAsIdentity is available. There is another check in place to avoid authentication if a valid authenticated subject already exists and the security domains match, but this should also be the case if the security domains do not match.



--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
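
A simplified model of the control flow described in the report above, added here as an illustration and not WildFly's own code. The class, method and field names are hypothetical, and the sample context in main() is constructed.

```java
import java.util.ArrayList;
import java.util.List;

// Hypothetical model of the flow described in WFLY-8997; none of these
// types are WildFly classes.
public class RunAsAuthModel {
    // Records every time the simulated login process is triggered.
    static final List<String> loginCalls = new ArrayList<>();

    static final class Context {
        final String domain;         // security domain of the invoked component
        final String runAsIdentity;  // null when no run-as identity is present
        final String subjectDomain;  // domain of an already authenticated subject, or null
        Context(String domain, String runAsIdentity, String subjectDomain) {
            this.domain = domain;
            this.runAsIdentity = runAsIdentity;
            this.subjectDomain = subjectDomain;
        }
    }

    static boolean login(Context c) {
        loginCalls.add(c.domain);
        return true;
    }

    // As reported: only the "authenticated subject and matching domain" check
    // guards the login, so a run-as identity does not prevent it.
    static boolean authenticateAsReported(Context c) {
        if (c.subjectDomain != null && c.subjectDomain.equals(c.domain)) return true;
        return login(c);
    }

    // As requested in the issue title: a run-as identity skips authentication.
    static boolean authenticateWithRunAsCheck(Context c) {
        if (c.runAsIdentity != null) return true;
        if (c.subjectDomain != null && c.subjectDomain.equals(c.domain)) return true;
        return login(c);
    }

    public static void main(String[] args) {
        // Constructed case: subject authenticated in domain "A" reaches a
        // component in domain "B" that carries a run-as identity.
        Context c = new Context("B", "batchRole", "A");
        authenticateAsReported(c);
        System.out.println("as reported, logins triggered: " + loginCalls.size());
        loginCalls.clear();
        authenticateWithRunAsCheck(c);
        System.out.println("with run-as check, logins triggered: " + loginCalls.size());
    }
}
```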


