WildFly Elytron / ELY-1281

SecurityDomain.authenticate() propagates credentials inappropriately

    Details

      Description

      The SecurityDomain.authenticate() method creates a SecurityIdentity that inherits its credentials from the calling identity.

      The usage of ServerAuthenticationContext is correct (it inherits the current identity as the captured identity). Capturing the identity is necessary to perform run-as authorizations without an authentication step. However, the credentials should probably not be propagated from the captured identity in any case.
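
      A regression check for the behaviour described above, written as an added example; it is not code from this issue or from the Elytron project. The class name, method name, parameters and the marker password are assumptions, and the check covers private credentials only; the caller supplies a configured SecurityDomain in which both users exist.

```java
import java.util.Arrays;
import java.util.concurrent.Callable;

import org.wildfly.security.auth.server.SecurityDomain;
import org.wildfly.security.auth.server.SecurityIdentity;
import org.wildfly.security.credential.PasswordCredential;
import org.wildfly.security.evidence.PasswordGuessEvidence;
import org.wildfly.security.password.interfaces.ClearPassword;

/** Added illustration (hypothetical class): does authenticate() pass the caller's private credential on? */
public final class CredentialPropagationCheck {

    // Constructed marker value; it is attached to the calling identity only.
    private static final char[] MARKER = "constructed-marker".toCharArray();

    /**
     * @param domain configured SecurityDomain (assumption: both users exist in it)
     * @return true if the newly authenticated identity carries the caller's marker credential
     */
    public static boolean inheritsCallerCredential(SecurityDomain domain,
            String callerName, char[] callerPassword,
            String targetName, char[] targetPassword) throws Exception {

        PasswordCredential marker = new PasswordCredential(
                ClearPassword.createRaw(ClearPassword.ALGORITHM_CLEAR, MARKER));

        // Calling identity: authenticated normally, then given the marker as a private credential.
        SecurityIdentity caller = domain
                .authenticate(callerName, new PasswordGuessEvidence(callerPassword))
                .withPrivateCredential(marker);

        // Authenticate a different user while the caller is the current (captured) identity.
        Callable<SecurityIdentity> login =
                () -> domain.authenticate(targetName, new PasswordGuessEvidence(targetPassword));
        SecurityIdentity target = caller.runAs(login);

        // The target was never given the marker, so finding it means it was inherited.
        // Under a security manager this call needs the "getPrivateCredentials" ElytronPermission.
        PasswordCredential found = target.getPrivateCredentials().getCredential(PasswordCredential.class);
        if (found == null) {
            return false;
        }
        ClearPassword clear = found.getPassword(ClearPassword.class);
        return clear != null && Arrays.equals(clear.getPassword(), MARKER);
    }
}
```

      A result of true reproduces the propagation the description reports; false is the outcome the description argues for.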

                People

                • Assignee: Pedro Igor Silva (pcraveiro)
                • Reporter: David Lloyd (dmlloyd)