WildFly Elytron EE / ELYEE-36

ElytronCallerDetailsResolver.getPrincipalsByType does not include subtypes


    • Type: Bug
    • Resolution: Done
    • Priority: Major
    • 3.0.3.Final
    • 3.0.0.Final, 3.0.1.Final
    • Security
    • None

      Create a deployment (e.g. example.war) which has 2 different Principals and of which one is a subclass of the other. Then request the principal from the SecurityContext by the method getPrincipalsByType using the superclass Principal class. 

      Expected result: obtain an instance of the subclass.

      Real result: received a null reference.


      Hi,

      There is a bug in ElytronCallerDetailsResolver on line 47. Because the isAssignableFrom call is inverted, subtypes are not considered as valid principals. This is wrong, I think. For example, we have AppUsers and AppAdminUsers as principals and in fact AppAdminUsers are also AppUsers. However, the resolver will discard any AppAdminUsers requested by getPrincipalsByType(AppUser.class).

      Could you fix this? In fact, it makes WildFly 28 break all our apps.

      regards,

      Roel

       

      original issue: https://github.com/wildfly-security/wildfly-elytron-ee/issues/25
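
The inverted `isAssignableFrom` test described in the report, next to the intended direction, as an added example that is not the Elytron source (the page does not show line 47). The classes `AppUser` and `AppAdminUser` and the methods `byTypeInverted` and `byType` are constructed for illustration.

```java
import java.security.Principal;
import java.util.ArrayList;
import java.util.List;

public class PrincipalsByTypeDemo {
    // Constructed principal types mirroring the report: every admin is also a user.
    static class AppUser implements Principal {
        private final String name;
        AppUser(String name) { this.name = name; }
        @Override public String getName() { return name; }
        @Override public String toString() { return getClass().getSimpleName() + "(" + name + ")"; }
    }

    static class AppAdminUser extends AppUser {
        AppAdminUser(String name) { super(name); }
    }

    // Inverted test: passes only when the requested type is the principal's own
    // class or a subclass of it, so an AppAdminUser is skipped for AppUser.class.
    // (Asking for a subclass here would pass the test and then fail in cast().)
    static <T extends Principal> List<T> byTypeInverted(List<Principal> all, Class<T> pType) {
        List<T> out = new ArrayList<>();
        for (Principal p : all) {
            if (p.getClass().isAssignableFrom(pType)) out.add(pType.cast(p));
        }
        return out;
    }

    // Intended test: the requested type must be assignable from the principal's
    // runtime class, which accepts the exact type and every subtype.
    static <T extends Principal> List<T> byType(List<Principal> all, Class<T> pType) {
        List<T> out = new ArrayList<>();
        for (Principal p : all) {
            if (pType.isAssignableFrom(p.getClass())) out.add(pType.cast(p));
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed caller: the only principal present is an admin.
        List<Principal> caller = List.of(new AppAdminUser("alice"));
        System.out.println("inverted: " + byTypeInverted(caller, AppUser.class));
        System.out.println("intended: " + byType(caller, AppUser.class));
    }
}
```

Application code that looks up `AppUser` to make an access decision receives no principal from the inverted form even though the caller is authenticated, which matches the null result in the report.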

            dvilkola@redhat.com Diana Krepinska
            r.j.meeuws@gmail.com Roel MEEUWS