Details
-
Bug
-
Resolution: Done
-
Major
-
jboss-fuse-6.1
-
None
-
None
-
%
-
Description
There is a problem in JBoss Fuse 6.1 with Karaf's JAAS and CXF authorization system.
That is because of Karaf's RolePricipal do not implements Group as CXF expected. Instead of it, it implements Pricipal so CXF thinks that 1st role name is a username. As a result 1st role is ignored and request is rejected, unless user has more roles required to invoke a service. If yes, then second role is taken and request is processed.
This problem is already solved by this issue: https://issues.apache.org/jira/browse/CXF-5603
We just need to back port it to next bug fix release of JBoss Fuse 6.
Sooner, better because one of our customers is about to use it.