[jboss-user] [Security & JAAS/JBoss] - Re: j_security_check and the generated LoginContext
ragavgomatam
do-not-reply at jboss.com
Thu Jan 10 22:58:34 EST 2008
You cannot change the SimplePrincipal. You set the name in the Principal via a constructor during login. Also It has only a getName() method. So answer is it
is a big security loophole if you are allowed to change the SimplePrincipal name. So not possible
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4118909#4118909
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4118909
More information about the jboss-user
mailing list