Uploaded image for project: 'WildFly Elytron'
  1. WildFly Elytron
  2. ELY-760

Elytron Ldap Realm searches roles before validating password

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Critical
    • 1.1.0.Beta20
    • 1.1.0.Beta13
    • Realms
    • None

    Description

      In Ldap Realm roles are searched before actual user password is validated. Ldap Realm uses following flow:

      1. searching for username
      2. searching for roles (i.e. searching for attributes)
      3. validating password for username

      It means even if wrong password is used then roles in LDAP are searched. Password should be validated before some roles are searched. Current behavior can result to performance issues.

      Attachments

        Issue Links

          clones

          Bug - A problem that impairs or prevents the functions of the product. JBEAP-7339 Elytron Ldap Realm searches roles before validating password

          • Critical - To be worked on immediately following BLOCKER issues.
          • Verified
          is related to

          Bug - A problem that impairs or prevents the functions of the product. ELY-869 Elytron security realms cannot be used only for authorization

          • Blocker - To be worked above all other priorities. This term is chosen when the severity of the issue is very high, has no workaround, or the effort for the change is comparatively low. Issues that may be very publicly visible and could generate significant media attention may also drive a higher priority.
          • Resolved

          Activity

            People

              jkalina@redhat.com Jan Kalina (Inactive)
              olukas Ondrej Lukas (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: