[jboss-jira] [JBoss JIRA] (ELY-1281) SecurityDomain.authenticate() propagates credentials inappropriately
Pedro Igor (JIRA)
issues at jboss.org
Wed Jul 12 14:31:00 EDT 2017
[ https://issues.jboss.org/browse/ELY-1281?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Pedro Igor reassigned ELY-1281:
-------------------------------
Assignee: Pedro Igor
> SecurityDomain.authenticate() propagates credentials inappropriately
> --------------------------------------------------------------------
>
> Key: ELY-1281
> URL: https://issues.jboss.org/browse/ELY-1281
> Project: WildFly Elytron
> Issue Type: Bug
> Components: API / SPI, Authentication Server
> Reporter: David Lloyd
> Assignee: Pedro Igor
> Priority: Blocker
>
> The SecurityDomain.authenticate() method creates a SecurityIdentity that inherits its credentials from the calling identity.
> The usage of ServerAuthenticationContext is correct (it inherits the current identity as the captured identity). Capturing the identity is necessary to perform run-as authorizations without an authentication step. However, the credentials should probably not be propagated from the captured identity in any case.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)