Bug 1069886
| Field | Value |
|---|---|
| Summary | [GSS] (6.2.x) SecureIdentityLoginModule (and ConfiguredIdentityLoginModule) results are not cached by the JAAS cache |
| Product | [JBoss] JBoss Enterprise Application Platform 6 |
| Component | Security |
| Status | CLOSED CURRENTRELEASE |
| Severity | unspecified |
| Priority | unspecified |
| Version | 6.1.0 |
| Target Milestone | CR2 |
| Target Release | EAP 6.2.3 |
| Hardware | Unspecified |
| OS | Unspecified |
| Reporter | Derek Horton <dehort> |
| Assignee | Derek Horton <dehort> |
| QA Contact | Josef Cacek <jcacek> |
| Docs Contact | Russell Dickenson <rdickens> |
| CC | bbaranow, cdewolf, dehort, olukas, smumford |
| Doc Type | Bug Fix |

Doc Text:
In previous versions of JBoss EAP 6, the JAAS cache did not cache the login information when the principal was null.
If an application is not secured and uses a datasource that is configured to use the `SecureIdentityLoginModule`, the principal reaches the JAAS cache as null.
As a result, nothing was cached. This meant that each time the application used the datasource, a call to the login-module was triggered.
This release of the product contains a modification to the JAAS cache logic to cache the login info when the principal is null. Now the login module is not called each time the datasource is used.

| Field | Value |
|---|---|
| Clone Of | 1069885 |
| | 1073646 |
| Last Closed | 2014-06-09 12:46:43 UTC |
| Type | Bug |
| Bug Depends On | 1069885 |
| Bug Blocks | 1067532, 1073646, 1088896, 1088897 |

Description
Derek Horton
2014-02-25 20:58:21 UTC
Derek Horton <dhorton> updated the status of jira SECURITY-803 to Resolved

Fix committed: https://svn.jboss.org/repos/picketbox/branches/eap62

Reproducer:
- unsecured/unprotected servlet that uses a datasource
- configure a datasource that uses a security-domain
- configure the security-domain to use either the SecureIdentityLoginModule or the ConfiguredIdentityLoginModule
- hit the servlet and make sure the security-domain only gets hit once

Verified in EAP 6.2.3.CR2.

Please add doc text.

Please add doc text. Thank you.
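
The behaviour described in the Doc Text, and the reproducer's "only gets hit once" check, as an added Java example that is not the PicketBox code or the committed fix. It models a hypothetical login cache keyed by principal; the class `NullPrincipalCacheDemo`, the `NO_PRINCIPAL` sentinel and the `configured-ds-user` identity are assumptions made for illustration.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.function.Supplier;

// Hypothetical model of a per-security-domain login cache; not PicketBox code.
public class NullPrincipalCacheDemo {
    // Sentinel key standing in for "no caller principal" (an assumption of this
    // example; ConcurrentHashMap itself rejects null keys).
    private static final Object NO_PRINCIPAL = new Object();

    private final Map<Object, String> cache = new ConcurrentHashMap<>();
    private final boolean cacheNullPrincipal;
    private final Supplier<String> loginModule;

    NullPrincipalCacheDemo(boolean cacheNullPrincipal, Supplier<String> loginModule) {
        this.cacheNullPrincipal = cacheNullPrincipal;
        this.loginModule = loginModule;
    }

    // Returns the identity for this caller, running the login module only on a cache miss.
    String authenticate(String principal) {
        if (principal == null && !cacheNullPrincipal) {
            return loginModule.get(); // old behaviour: a null principal bypasses the cache
        }
        Object key = (principal == null) ? NO_PRINCIPAL : principal;
        return cache.computeIfAbsent(key, k -> loginModule.get());
    }

    // Simulates an unsecured servlet using the datasource `requests` times and
    // returns how many times the login module was invoked.
    static int loginCallsFor(boolean cacheNullPrincipal, int requests) {
        AtomicInteger calls = new AtomicInteger();
        // Stand-in for a module that always yields the same configured identity.
        Supplier<String> module = () -> { calls.incrementAndGet(); return "configured-ds-user"; };
        NullPrincipalCacheDemo domain = new NullPrincipalCacheDemo(cacheNullPrincipal, module);
        for (int i = 0; i < requests; i++) {
            domain.authenticate(null); // unsecured application: no caller principal
        }
        return calls.get();
    }

    public static void main(String[] args) {
        System.out.println("null principal not cached: " + loginCallsFor(false, 5) + " login-module calls");
        System.out.println("null principal cached:     " + loginCallsFor(true, 5) + " login-module calls");
    }
}
```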