Bug 1067610
Summary: | [GSS] (6.3.0) Authentication attempts will fail if the DatabaseRolesMappingProvider's rolesQuery returns an empty set | |||
---|---|---|---|---|
Product: | [JBoss] JBoss Enterprise Application Platform 6 | Reporter: | Derek Horton <dehort> | |
Component: | Security | Assignee: | Derek Horton <dehort> | |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Josef Cacek <jcacek> | |
Severity: | unspecified | Docs Contact: | Russell Dickenson <rdickens> | |
Priority: | unspecified | |||
Version: | 6.1.1 | CC: | dehort, hmlnarik, smumford, twells | |
Target Milestone: | ER4 | |||
Target Release: | EAP 6.3.0 | |||
Hardware: | Unspecified | |||
OS: | Unspecified | |||
Whiteboard: | ||||
Fixed In Version: | Doc Type: | Bug Fix | ||
Doc Text: |
In previous versions of JBoss EAP 6 it was found that authentication attempts would fail if the `DatabaseRolesMappingProvider` returned a null value. This was caused by the authentication not being able to provide roles to authenticated users if the value was null. In this release of the product, the security system will honor successful authentications and not attempt to apply roles in instances where the returned value is null.
|
Story Points: | --- | |
Clone Of: | ||||
: | 1067612 (view as bug list) | Environment: | ||
Last Closed: | 2014-06-28 15:38:56 UTC | Type: | Bug | |
Regression: | --- | Mount Type: | --- | |
Documentation: | --- | CRM: | ||
Verified Versions: | Category: | --- | ||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
Cloudforms Team: | --- | Target Upstream Version: | ||
Embargoed: | ||||
Bug Depends On: | ||||
Bug Blocks: | 1067584, 1067612 |
Description
Derek Horton
2014-02-20 17:32:45 UTC
Fix committed to: https://svn.jboss.org/repos/picketbox/branches/eap62 https://svn.jboss.org/repos/picketbox/trunk Derek Horton <dhorton> updated the status of jira SECURITY-797 to Resolved Verified in 6.3.0.ER4 Refactored release note text for this as a Known Issue (ER4 fixes will not be picked up in the 6.3.0 Beta release) Original note included here for use at 6.3.0 GA: In previous versions of JBoss EAP 6 it was found that authentication attempts would fail if the `DatabaseRolesMappingProvider` returned a null value. This was caused by the authentication not being able to provide roles to authenticated users if the value was null. In this release of the product, the security system will honor successful authentications and not attempt to apply roles in instances where the returned value is null. |