Uploaded image for project: 'WildFly Elytron'
  1. WildFly Elytron
  2. ELY-760

Elytron Ldap Realm searches roles before validating password

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Critical Critical
    • 1.1.0.Beta20
    • 1.1.0.Beta13
    • Realms
    • None

      In Ldap Realm roles are searched before actual user password is validated. Ldap Realm uses following flow:

      1. searching for username
      2. searching for roles (i.e. searching for attributes)
      3. validating password for username

      It means even if wrong password is used then roles in LDAP are searched. Password should be validated before some roles are searched. Current behavior can result to performance issues.

              jkalina@redhat.com Jan Kalina (Inactive)
              olukas Ondrej Lukas (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: