[teiid-issues] [JBoss JIRA] (TEIID-4561) Deprecate the PassthroughIdentityLoginModule

Steven Hawkins (JIRA) issues at jboss.org
Wed Nov 9 12:47:00 EST 2016


    [ https://issues.jboss.org/browse/TEIID-4561?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13319820#comment-13319820 ] 

Steven Hawkins commented on TEIID-4561:
---------------------------------------

> In DelegationCredentialContext the subject already contains the GssCredential on the subject, in this case we need to inject the credential into Subject. 

Agreed.  Are you saying that where you do the interception with the OAuthFilter is not authenticated?  And/or that if there is a Subject that it is not the same one that will be associated with the thread accessing Teiid?

> OAuthCredential is Teiid's own, there are no standards on delegation scenarios that I know of.

Can you expand on this?  I don't think I'm implying a standard applies here.

> Deprecate the PassthroughIdentityLoginModule
> --------------------------------------------
>
>                 Key: TEIID-4561
>                 URL: https://issues.jboss.org/browse/TEIID-4561
>             Project: Teiid
>          Issue Type: Quality Risk
>          Components: Server
>            Reporter: Steven Hawkins
>            Assignee: Steven Hawkins
>             Fix For: 9.2
>
>
> The delegation capability of the PassthroughIdentityLoginModule can be associated with the underlying OAuth10/20 login modules (similar to the delegationCredential behavior of the KerberosLoginModule).  Also the OAuthCredentialContext should be changed to use the Subject private credentials rather than a ThreadLocal.



--
This message was sent by Atlassian JIRA
(v7.2.3#72005)


More information about the teiid-issues mailing list