Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Done
Priority: Major
Fix Version/s: EAP 6.1.0.Alpha (7.2.0.Final)
Affects Version/s: 7.1.3.Final (EAP)
Component/s: Security
Labels:
None

Git Pull Request:
https://github.com/jbossas/jboss-as/pull/3644
Bugzilla References:
https://bugzilla.redhat.com/show_bug.cgi?id=901262, https://bugzilla.redhat.com/show_bug.cgi?id=917119

Description

The code of UserPrincipal search in RemotingLoginModule seems to be invalid.
There's

UserPrincipal up = null;
for (Principal current : con.getPrincipals()) {
    if (current instanceof UserPrincipal) {
        up = (UserPrincipal) current;
    }
    break;
}

but IMO, the correct code is:

UserPrincipal up = null;
for (Principal current : con.getPrincipals()) {
    if (current instanceof UserPrincipal) {
        up = (UserPrincipal) current;
        break;
    }
}

If the connection from RemotingContext contains more Principals, then only the first is checked. I.e. If the first Principal is not an UserPrincipal, then the RemotingLoginModule doesn't work.

Attachments

Activity

People

Assignee:: Josef Cacek (Inactive)

Reporter:: Josef Cacek (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 2012/12/13 5:58 AM

Updated:: 2022/09/09 6:12 AM

Resolved:: 2013/03/07 8:06 AM