Bug 1243553 - [GSS] (6.4.z) Reuse authenticated subject from incoming context when security domains match
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Deadline: 2015-09-11
Product: JBoss Enterprise Application Platform 6
Classification: JBoss
Component: Security
Version: 6.4.0
Hardware: Unspecified
OS: Unspecified
Target Milestone: CR1
: EAP 6.4.4
Assignee: Derek Horton
QA Contact: Ondrej Lukas
URL: https://github.com/jbossas/jboss-eap/...
Whiteboard:
Depends On:
Blocks: 1258075 1235744 1265805
Reported: 2015-07-15 19:01 UTC by Derek Horton
Modified: 2019-08-15 04:53 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
: 1265805 (view as bug list)
Environment:
Last Closed:
Type: Bug
Embargoed:


Links
System: Red Hat Issue Tracker
ID: WFLY-4625
Private: 0
Priority: Major
Status: Closed
Summary: EJB SecurityContextInterceptor attempts JAAS login which doesn't work for JASPIC authentications
Last Updated: 2018-11-06 09:18:09 UTC

Description Derek Horton 2015-07-15 19:01:15 UTC
Description of problem:

If a web app and ejb belong to the same security-domain, the user is unnecessarily reauthenticated when the web app invokes an ejb.

This can cause issues when the web app is configured to use JASPI.

Comment 1 Derek Horton 2015-07-15 19:18:26 UTC
6.4.x PR
https://github.com/jbossas/jboss-eap/pull/2480

Upstream is already merged
https://github.com/wildfly/wildfly/pull/7469

Comment 4 Derek Horton 2015-09-10 19:22:56 UTC
New 6.4.x PR
https://github.com/jbossas/jboss-eap/pull/2544

Upstream is already merged
https://github.com/wildfly/wildfly/pull/7469

Comment 5 Ondrej Lukas 2015-09-23 11:20:52 UTC
Verified in EAP 6.4.4.CP.CR3.

Comment 6 Petr Penicka 2017-01-17 10:51:24 UTC
Retroactively bulk-closing issues from released EAP 6.4 cumulative patches.

Comment 7 Petr Penicka 2017-01-17 10:51:28 UTC
Retroactively bulk-closing issues from released EAP 6.4 cumulative patches.


Note You need to log in before you can comment on or make changes to this bug.