[jboss-user] [Security & JAAS/JBoss] - Re: j_security_check and the generated LoginContext

ragavgomatam do-not-reply at jboss.com
Thu Jan 10 22:58:34 EST 2008


You cannot change the SimplePrincipal. You set the name in the Principal via a constructor during login. Also It has only a getName() method. So answer is it 
is a big security loophole if you are allowed to change the SimplePrincipal name. So not possible

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4118909#4118909

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4118909



More information about the jboss-user mailing list