Details
-
Bug
-
Resolution: Unresolved
-
Major
-
None
-
None
-
None
Description
SecurityContextAssociation.getSecurityContext().getSubjectInfo().getRoles() returns the user's roles on the initial login, but if you refresh you get null. All subsequent calls will return null.
I'm using the 3rd test in JBoss Negotiation Toolkit. If you refresh after logging in, you get a NullPointerException
It appears that with Basic autentication, JBossWebRealm.authenticate calls
JBossAuthenticationManager.getSubjectRoles
which sets the roles on the SubjectInfo. However, with SPNEGO
(NegotiationAuthenticator) JBossWebRealm.authenticate is not called on
subsequent requests due to request.getUserPrincipal() being set, so the roles are never set on SubjectInfo. However, the role information is in SubjectInfo as a principal.