Details
-
Bug
-
Resolution: Done
-
Major
-
7.1.3.Final (EAP)
-
None
Description
The code of UserPrincipal search in RemotingLoginModule seems to be invalid.
There's
UserPrincipal up = null; for (Principal current : con.getPrincipals()) { if (current instanceof UserPrincipal) { up = (UserPrincipal) current; } break; }
but IMO, the correct code is:
UserPrincipal up = null; for (Principal current : con.getPrincipals()) { if (current instanceof UserPrincipal) { up = (UserPrincipal) current; break; } }
If the connection from RemotingContext contains more Principals, then only the first is checked. I.e. If the first Principal is not an UserPrincipal, then the RemotingLoginModule doesn't work.