  1. JBoss Remoting (3+)
  2. REM3-275

Digest auth does not use correct protocol when performing user switching


    • Bug
    • Resolution: Done
    • Major
    • 5.0.0.Beta23
    • None
    • None

      For the initial authentication the 'protocol' part of the digest-uri is determined by:

      final String protocol = optionMap.get(RemotingOptions.SASL_PROTOCOL, RemotingOptions.DEFAULT_SASL_PROTOCOL);

      This means that for both the server and the client the protocol turns out to be 'remote' (most of the time).

      When using authentication switching, however, the 'protocol' part of the URI is used, which means that the authentication is sensitive to the actual URI provided to the client. In particular, on the server side org.jboss.as.remoting.RemotingHttpUpgradeService hard-codes the 'http-remoting' protocol name, so a client that has created a connection with 'remote+http' will not be able to use user switching.

              dlloyd@redhat.com David Lloyd
              sdouglas1@redhat.com Stuart Douglas (Inactive)
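
An added example (not part of the issue or of the JBoss Remoting code base) showing why the mismatch breaks authentication: in DIGEST-MD5 (RFC 2831) the digest-uri, which begins with the protocol name, is hashed into the response, so peers that disagree on the protocol compute different values. The host, user, realm, password and nonces are constructed, and the server is assumed to recompute the response with its own protocol name.

```python
import hashlib
import hmac

def md5(data: bytes) -> bytes:
    return hashlib.md5(data).digest()

def digest_response(user, realm, password, nonce, cnonce, nc, digest_uri):
    """RFC 2831 response value for qop=auth with no authzid."""
    a1 = md5(f"{user}:{realm}:{password}".encode()) + f":{nonce}:{cnonce}".encode()
    a2 = f"AUTHENTICATE:{digest_uri}".encode()  # digest-uri = protocol "/" host
    kd = f"{md5(a1).hex()}:{nonce}:{nc}:{cnonce}:auth:{md5(a2).hex()}"
    return md5(kd.encode()).hex()

def client_message(protocol, host, user, realm, password, nonce, cnonce="c-nonce-1"):
    """Client side: the protocol part is whatever name the client was given."""
    uri = f"{protocol}/{host}"
    return {"username": user, "realm": realm, "nonce": nonce, "cnonce": cnonce,
            "nc": "00000001", "digest-uri": uri,
            "response": digest_response(user, realm, password, nonce, cnonce,
                                        "00000001", uri)}

def server_accepts(protocol, host, password, msg):
    """Server side (assumed behaviour): recompute with its own protocol name."""
    expected = digest_response(msg["username"], msg["realm"], password,
                               msg["nonce"], msg["cnonce"], msg["nc"],
                               f"{protocol}/{host}")
    return hmac.compare_digest(expected, msg["response"])

# Constructed sample values, not taken from the issue.
HOST, USER, REALM, PW, NONCE = "server.example", "alice", "example-realm", "s3cret", "srv-nonce-1"

def demo():
    # Initial authentication: both sides fall back to the default 'remote'.
    initial = client_message("remote", HOST, USER, REALM, PW, NONCE)
    # User switching: client takes 'remote+http' from its URI, while the
    # server side has 'http-remoting' hard-coded.
    switched = client_message("remote+http", HOST, USER, REALM, PW, NONCE)
    return {
        "initial": server_accepts("remote", HOST, PW, initial),
        "switch": server_accepts("http-remoting", HOST, PW, switched),
    }

if __name__ == "__main__":
    print(demo())
```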