Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-11417

PicketBoxBasedIdentity.exists() should check if a valid JAAS Subject exists instead of always returning true

XMLWordPrintable

      The RealmIdentity.exists() method should be used to verify if a valid identity exists before an attempt to call other non-authentication methods - e.g. getAuthorizationIdentity() - is made.

      The PicketBoxBasedIdentity implementation in the SecurityDomainContextRealm is erroneously returning true when in fact it should be checking if a valid Subject was established as part of a previous JAAS authentication.

      The getAuthorizationIdentity() method can then simply throw an Exception if it is called without a valid JAAS Subject in place. Client code should check the result of the exists() method before attempting to get an AuthorizationIdentity so any code invoking getAuthorizationIdentity() without checking first if a valid identity exists should fail.

              sguilhen Stefan Guilhen
              sguilhen Stefan Guilhen
              Ondrej Lukas Ondrej Lukas (Inactive)
              Ondrej Lukas Ondrej Lukas (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: