[jboss-jira] [JBoss JIRA] (ELY-1597) Identity Restoration where the Principal is not quite enough.

Darran Lofthouse (JIRA) issues at jboss.org
Mon Jul 23 13:13:01 EDT 2018 

     [ https://issues.jboss.org/browse/ELY-1597?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Darran Lofthouse updated ELY-1597:
----------------------------------
    Fix Version/s: 1.5.1.CR1
                       (was: 1.5.0.Final)


> Identity Restoration where the Principal is not quite enough.
> -------------------------------------------------------------
>
>                 Key: ELY-1597
>                 URL: https://issues.jboss.org/browse/ELY-1597
>             Project: WildFly Elytron
>          Issue Type: Enhancement
>          Components: Realms
>            Reporter: Darran Lofthouse
>            Priority: Critical
>             Fix For: 1.5.1.CR1
>
>
> Presently our authentication process is build around a SecurityRealm being able to create a RealmIdentity which we then convert to an AuthorizationIdentity which is then converted to a SecurityIdentity after applying appropriate SecurityDomain configured mappings.
> Generally in a SecurityRealm one of two different methods tend to be used to create the RealmIdentity.
> {code:java}
> RealmIdentity getRealmIdentity(Principal principal) throws RealmUnavailableException
> {code}
> or
> {code:java}
> RealmIdentity getRealmIdentity(Evidence evidence) throws RealmUnavailableException
> {code}
> Generally from the realms we know about, where the Principal form of the method is used the realm will likely load the attributes that go into the AuthorizationIdentity from another source, however for the form that takes Evidence often the attributes can be derived from the evidence.
> Where we persist identities to be restored later such as identity propagation, batch, clustering etc we persist the name of the identity and use it to restore the identity using the Principal form of the above methods.  For cases where an identity was originally created using evidence we no longer have sufficient information to recreate the identity.
> This Enhancement is to review how we can address this.



--
This message was sent by Atlassian JIRA
(v7.5.0#75005)

More information about the jboss-jira mailing list