[jboss-jira] [JBoss JIRA] (SECURITY-747) SubjectInfo.getRoles is null with cached credentials in SPNEGO
Darran Lofthouse (JIRA)
issues at jboss.org
Tue Aug 21 08:08:01 EDT 2018
[ https://issues.jboss.org/browse/SECURITY-747?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Darran Lofthouse reassigned SECURITY-747:
-----------------------------------------
Assignee: (was: Darran Lofthouse)
> SubjectInfo.getRoles is null with cached credentials in SPNEGO
> --------------------------------------------------------------
>
> Key: SECURITY-747
> URL: https://issues.jboss.org/browse/SECURITY-747
> Project: PicketBox
> Issue Type: Bug
> Components: Negotiation
> Environment: EAP 6.1
> SPNEGO setup with KERBEROS
> Reporter: Chris Dolphy
>
> SecurityContextAssociation.getSecurityContext().getSubjectInfo().getRoles() returns the user's roles on the initial login, but if you refresh you get null. All subsequent calls will return null.
> I'm using the 3rd test in JBoss Negotiation Toolkit. If you refresh after logging in, you get a NullPointerException
> It appears that with Basic authentication, JBossWebRealm.authenticate calls JBossAuthenticationManager.getSubjectRoles, which sets the roles on the SubjectInfo. However, with SPNEGO (NegotiationAuthenticator) JBossWebRealm.authenticate is not called on subsequent requests due to request.getUserPrincipal() being set, so the roles are never set on SubjectInfo. However, the role information is in SubjectInfo as a principal.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
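The report above describes the mechanism: on the first SPNEGO request the roles are placed on SubjectInfo, but on later requests NegotiationAuthenticator short-circuits because request.getUserPrincipal() is already set, so SubjectInfo.getRoles() stays null while the roles are still present on the authenticated Subject as a principal. The helper below is an added, application-side workaround written for this page; it is not PicketBox or EAP code and not the fix for the ticket. It assumes the PicketBox convention that login modules store roles in a java.security.acl.Group principal named "Roles" (the report only says the role information is present "as a principal"; the group name is an assumption here). It reads SubjectInfo.getRoles() when that is populated and otherwise falls back to walking that group, so callers get the same answer on the first and on the refreshed request instead of a NullPointerException.

```java
import java.security.Principal;
import java.security.acl.Group;
import java.util.Collections;
import java.util.Enumeration;
import java.util.LinkedHashSet;
import java.util.Set;

import javax.security.auth.Subject;

import org.jboss.security.SecurityContext;
import org.jboss.security.SecurityContextAssociation;
import org.jboss.security.SubjectInfo;
import org.jboss.security.identity.Role;
import org.jboss.security.identity.RoleGroup;

/**
 * Added example (not PicketBox code): read the caller's roles from the
 * thread-bound PicketBox SecurityContext without assuming that
 * SubjectInfo.getRoles() has been populated by the authenticator.
 */
public final class CurrentRoles {

    /**
     * Assumption: PicketBox login modules carry roles in a Group principal with
     * this name on the authenticated Subject.
     */
    private static final String ROLES_GROUP = "Roles";

    private CurrentRoles() {}

    /** Roles of the current caller, or an empty set when nothing is bound. */
    public static Set<String> get() {
        SecurityContext sc = SecurityContextAssociation.getSecurityContext();
        if (sc == null || sc.getSubjectInfo() == null) {
            return Collections.emptySet();
        }
        return fromSubjectInfo(sc.getSubjectInfo());
    }

    /** Prefer SubjectInfo.getRoles(); fall back to the "Roles" Group principal. */
    static Set<String> fromSubjectInfo(SubjectInfo info) {
        Set<String> names = new LinkedHashSet<String>();

        // Normal path (Basic auth, or the first SPNEGO request): roles were set
        // on SubjectInfo by JBossAuthenticationManager.getSubjectRoles.
        RoleGroup rg = info.getRoles();
        if (rg != null && rg.getRoles() != null) {
            for (Role r : rg.getRoles()) {
                names.add(r.getRoleName());
            }
            return names;
        }

        // Fallback for the case in the report: getRoles() is null on the second
        // and later SPNEGO requests, but the Subject still holds the roles.
        Subject subject = info.getAuthenticatedSubject();
        if (subject == null) {
            return names;
        }
        for (Group g : subject.getPrincipals(Group.class)) {
            if (!ROLES_GROUP.equals(g.getName())) {
                continue;
            }
            Enumeration<? extends Principal> members = g.members();
            while (members.hasMoreElements()) {
                names.add(members.nextElement().getName());
            }
        }
        return names;
    }
}
```

Call CurrentRoles.get() where the application would otherwise dereference SecurityContextAssociation.getSecurityContext().getSubjectInfo().getRoles(). This only masks the symptom in application code; the authenticator still leaves SubjectInfo.getRoles() null on refreshed requests, so anything in the container that relies on that field is unaffected by this helper.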