Uploaded image for project: 'WildFly Elytron'
  1. WildFly Elytron
  2. ELY-1281

SecurityDomain.authenticate() propagates credentials inappropriately

    XMLWordPrintable

Details

    Description

      The SecurityDomain.authenticate() method creates a SecurityIdentity that inherits its credentials from the calling identity.

      The usage of ServerAuthenticationContext is correct (it inherits the current identity as the captured identity). Capturing the identity is necessary to perform run-as authorizations without an authentication step. However the credentials should probably not be propagated from the captured identity in any case.

      Attachments

        Issue Links

          causes

          Bug - A problem that impairs or prevents the functions of the product. JBEAP-12034 Elytron - Wrong private credentials used for forwarded identity when SecurityDomain.authenticate() is used

          • Blocker - To be worked above all other priorities. This term is chosen when the severity of the issue is very high, has no workaround, or the effort for the change is comparatively low. Issues that may be very publicly visible and could generate significant media attention may also drive a higher priority.
          • Verified

          Bug - A problem that impairs or prevents the functions of the product. JBEAP-11454 In-VM calls with authenticated SecurityIdentity.runAs(Callable c) fail to authorise for asynchronous EJB calls

          • Critical - To be worked on immediately following BLOCKER issues.
          • Verified
          is incorporated by

          Component Upgrade - A task tracking an update to a bundled component or revision of component upstream of the project. JBEAP-12265 Upgrade WildFly Elytron to 1.1.0.CR3

          • Blocker - To be worked above all other priorities. This term is chosen when the severity of the issue is very high, has no workaround, or the effort for the change is comparatively low. Issues that may be very publicly visible and could generate significant media attention may also drive a higher priority.
          • Verified

          Activity

            People

              psilva@redhat.com Pedro Igor Craveiro
              dlloyd@redhat.com David Lloyd
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: