Details
-
Feature Request
-
Resolution: Done
-
Minor
-
JBossAS-4.0.2RC1
-
None
Description
org.jboss.security.jndi.LoginInitialContextFactory does the following:
Object principal = env.get(Context.SECURITY_PRINCIPAL);
| String username = principal != null ? principal.toString() : null; |
This code assumes the principal is just a String. It does not test to see if it's a Principal class implementation.
As a consequence, all principal objects which implement Principal won't work because it is not guarateed that their toString() method returns the principal name just like the getName() method does.
