Bug 1243553 - [GSS] (6.4.z) Reuse authenticated subject from incoming context when security domains match
Summary: [GSS] (6.4.z) Reuse authenticated subject from incoming context when securit...
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Deadline: 2015-09-11
Product: JBoss Enterprise Application Platform 6
Classification: JBoss
Component: Security
Version: 6.4.0
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: CR1
: EAP 6.4.4
Assignee: Derek Horton
QA Contact: Ondrej Lukas
URL: https://github.com/jbossas/jboss-eap/...
Whiteboard:
Depends On:
Blocks: 1258075 1235744 1265805
TreeView+ depends on / blocked
 
Reported: 2015-07-15 19:01 UTC by Derek Horton
Modified: 2019-08-15 04:53 UTC (History)
10 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
: 1265805 (view as bug list)
Environment:
Last Closed:
Type: Bug


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat One Jira Issue Tracker WFLY-4625 Major Closed EJB SecurityContextInterceptor attempts JAAS login which doesn't work for JASPIC authentications 2018-11-06 09:18:09 UTC

Description Derek Horton 2015-07-15 19:01:15 UTC
Description of problem:

If a web app and ejb belong to the same security-domain, the user is unnecessarily reauthenticated when the web app invokes an ejb.

This can cause issues when the web app is configured to use JASPI.

Comment 1 Derek Horton 2015-07-15 19:18:26 UTC
6.4.x PR
https://github.com/jbossas/jboss-eap/pull/2480

Upstream is already merged
https://github.com/wildfly/wildfly/pull/7469

Comment 4 Derek Horton 2015-09-10 19:22:56 UTC
New 6.4.x PR
https://github.com/jbossas/jboss-eap/pull/2544

Upstream is already merged
https://github.com/wildfly/wildfly/pull/7469

Comment 5 Ondrej Lukas 2015-09-23 11:20:52 UTC
Verified in EAP 6.4.4.CP.CR3.

Comment 6 Petr Penicka 2017-01-17 10:51:24 UTC
Retroactively bulk-closing issues from released EAP 6.4 cumulative patches.

Comment 7 Petr Penicka 2017-01-17 10:51:28 UTC
Retroactively bulk-closing issues from released EAP 6.4 cumulative patches.


Note You need to log in before you can comment on or make changes to this bug.