[jboss-jira] [JBoss JIRA] (ELY-1281) SecurityDomain.authenticate() propagates credentials inappropriately

David Lloyd (JIRA) issues at jboss.org
Tue Jul 11 11:19:00 EDT 2017


David Lloyd created ELY-1281:
--------------------------------

             Summary: SecurityDomain.authenticate() propagates credentials inappropriately
                 Key: ELY-1281
                 URL: https://issues.jboss.org/browse/ELY-1281
             Project: WildFly Elytron
          Issue Type: Bug
          Components: API / SPI, Authentication Server
            Reporter: David Lloyd
            Priority: Blocker


The SecurityDomain.authenticate() method creates a SecurityIdentity that inherits its credentials from the calling identity.

The usage of ServerAuthenticationContext is correct (it inherits the current identity as the captured identity). Capturing the identity is necessary to perform run-as authorizations without an authentication step. However, the credentials should probably not be propagated from the captured identity in any case.
