  1. JBoss Enterprise Application Platform 6
  2. JBPAPP6-1426

CallerPrincipal is used for authentication after flushing Authentication cache


    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Migrated to another ITS
    • Affects Version/s: EAP 6.0.0
    • Fix Version/s: TBD EAP 6
    • Component/s: Security
    • Labels:

      Description

      My custom login module stores my custom caller principal as follows:

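      import java.security.Principal;
      import javax.security.auth.login.LoginException;
      import org.jboss.security.SimpleGroup;
      import org.jboss.security.SimplePrincipal;
      import org.jboss.security.auth.spi.UsernamePasswordLoginModule;

      public class CustomLoginModule extends UsernamePasswordLoginModule {

              // Custom caller principal kept by this login module
              private Principal callerPrincipal;

              // (snip)

              @Override
              public boolean commit() throws LoginException {

                      callerPrincipal = new CustomPrincipal("FIXED_NAME");
                      // Group named "CallerPrincipal" that is added to the Subject's principals
                      SimpleGroup callerGroup = new SimpleGroup("CallerPrincipal");
                      callerGroup.addMember(new SimplePrincipal(getIdentity().getName()));
                      subject.getPrincipals().add(callerGroup);

                      boolean result = super.commit();

                      return result;
              }
      }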

      HttpServletRequest.login() is invoked in my servlet #1. Then, my servlet invokes my secured EJB, but authentication fails, since CustomLoginModule.callerGroup.getPrincipals() is used for authentication instead of CustomLoginModule.identity.


              People

              • Assignee:
                anil.saldhana Anil Saldanha
                Reporter:
                hisanobu.okuda Hisanobu Okuda
              • Votes: 1
                Watchers: 3
