Application Server 3 4 5 and 6 / JBAS-3287

Credential object typing is not consistent

Details

    Description

      Whether or not this is a bug is debatable, but it is definitely less than an optimal situation.

      The JAASSecurityManager implements logic to cache authentication information and validate against the cache prior to re-authenticating via the LoginContext. The method call isValid() takes in the credential as an object. The logic that validates against the cache is such that a String and char array that represent the same character sequence will never be considered equal.

      The non-optimal situation is created because the security component integrated with Tomcat passes the credential as a String, but JMS uses char[]. This can lead to a large amount of churn in the security subsystem when the same user is authenticated via both paths.

      A workaround is to have users dedicated to JMS that never connect via web-based authentication.
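The mismatch described above, modeled as an added example (not code from the issue or from JBoss): a small credential cache whose `isValid` either compares by type or normalizes both sides to a character sequence first. The class name, the `normalize` flag, the user `alice` and the password `s3cret` are constructed for illustration.

```java
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;

// Hypothetical model of a credential cache; not the JBoss implementation.
public class CredentialCacheDemo {
    private final Map<String, Object> cache = new HashMap<>();
    int loginCount = 0; // number of full authentications performed

    // Type-sensitive check: a String and a char[] never compare equal.
    static boolean sameTypeEquals(Object cached, Object presented) {
        if (cached instanceof char[] && presented instanceof char[])
            return Arrays.equals((char[]) cached, (char[]) presented);
        return cached != null && cached.equals(presented);
    }

    static char[] toChars(Object c) {
        if (c instanceof char[]) return (char[]) c;
        return (c instanceof String) ? ((String) c).toCharArray() : null;
    }

    // Normalizing check: compares the character sequence, whatever its carrier type.
    static boolean normalizedEquals(Object cached, Object presented) {
        char[] a = toChars(cached), b = toChars(presented);
        if (a == null || b == null) return sameTypeEquals(cached, presented);
        int diff = a.length ^ b.length;
        for (int i = 0; i < a.length && i < b.length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }

    boolean isValid(String user, Object credential, boolean normalize) {
        Object cached = cache.get(user);
        if (cached != null && (normalize ? normalizedEquals(cached, credential)
                                         : sameTypeEquals(cached, credential))) return true;
        loginCount++; // cache miss: stand-in for re-authenticating via the LoginContext
        if (!normalizedEquals("s3cret", credential)) return false; // constructed password
        cache.put(user, credential);
        return true;
    }

    public static void main(String[] args) {
        for (boolean normalize : new boolean[] {false, true}) {
            CredentialCacheDemo m = new CredentialCacheDemo();
            for (int i = 0; i < 3; i++) {
                m.isValid("alice", "s3cret", normalize);               // web path: String
                m.isValid("alice", "s3cret".toCharArray(), normalize); // JMS path: char[]
            }
            System.out.println("normalize=" + normalize + " logins=" + m.loginCount);
        }
    }
}
```

With the type-sensitive comparison every alternating call misses the cache and forces a full login; with normalization only the first call does.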

          People

            starksm64 Scott Stark (Inactive)
            eugene75 Eugene Clark (Inactive)