Uploaded image for project: 'PicketBox '
  1. PicketBox
  2. SECURITY-727

secureResponse with JASPIC called before service invocation instead of after

XMLWordPrintable

      WebJASPIAuthenticator in JBoss AS 7.1.1 and JBoss EAP 6.0.1 calls secureResponse right after validateRequest on a SAM has been called. The only intermediate code is registering the result of the callback handler with the container. The service invocation (e.g. calling a Servlet) is done afterwards, ie after the call to secureResponse.

      See the following fragment in WebJASPIAuthenticator:

          if (sam != null) {
            result = sam.isValid(messageInfo, clientSubject, messageLayer, appContext, cbh);
        }
 
        // the authentication process has been a success. We need to register the principal, username, password and roles
        // with the container
        if (result) {
            PasswordValidationCallback pvc = cbh.getPasswordValidationCallback();
            CallerPrincipalCallback cpc = cbh.getCallerPrincipalCallback();
 
            // get the client principal from the callback.
            Principal clientPrincipal = cpc.getPrincipal();
            if (clientPrincipal == null) {
                clientPrincipal = new SimplePrincipal(cpc.getName());
            }
 
            // if the client principal is not a jboss generic principal, we need to build one before registering.
            if (!(clientPrincipal instanceof JBossGenericPrincipal))
                clientPrincipal = this.buildJBossPrincipal(clientSubject, clientPrincipal);
 
            this.register(request, response, clientPrincipal, authMethod, pvc.getUsername(),
                    new String(pvc.getPassword()));
 
            if (this.secureResponse)
                sam.secureResponse(messageInfo, new Subject(), messageLayer, appContext, cbh);
        }

      However, section 3.8.3.3 of the JSR 196 (JASPIC) spec says that the semantics of secureResponse are as defined in Section 3.8.2.2, which thus means that secureResponse should be called after a service invocation. Figure 1.1 in Section 1.1 shows this as well, and the general flow as described is Section 3.8 also mentions this.

      So, in JBoss the sequence is

      validateRequest -> secureResponse -> Invoke Service

      While the spec seems to say it should be:

       
validateRequest -> Invoke Service -> secureResponse

      In the reference implementation GlassFish the sequence is indeed the latter one.

        1. 020-100-Real-Exam-Questions.pdf
          38 kB
        2. 112-51-free-pdf.pdf
          366 kB
        3. 156-215-81-20-dumps-questions.pdf
          37 kB
        4. 156-536-practice-exam.pdf
          278 kB
        5. 156-582-boot-camp.pdf
          290 kB
        6. 156-587-PDF-Download.pdf
          289 kB
        7. 1D0-1003-24-D-Practice-Questions.pdf
          36 kB
        8. 1D0-1032-24-D-dump.pdf
          36 kB
        9. 1D0-1033-24-D-Latest-Topics.pdf
          36 kB
        10. 1D0-1034-24-D-Exam-Questions.pdf
          34 kB
        11. 1D0-1035-24-D-cram.pdf
          33 kB
        12. 1D0-1038-24-D-free-pdf.pdf
          37 kB
        13. 1D0-1045-24-D-boot-camp.pdf
          33 kB
        14. 1D0-1046-24-D-study-guide.pdf
          35 kB
        15. 1D0-1047-24-D-boot-camp.pdf
          38 kB
        16. 1D0-1048-24-D-cheat-sheet.pdf
          34 kB
        17. 1D0-1049-24-D-Exam-dumps.pdf
          34 kB
        18. 1D0-1050-24-D-brain-dumps.pdf
          35 kB
        19. 1D0-1051-24-D-cheat-sheets.pdf
          34 kB
        20. 1D0-1052-24-D-dumps.pdf
          34 kB
        21. 1D0-1053-24-D-PDF-Download.pdf
          35 kB
        22. 1D0-1054-24-D-Cheatsheet.pdf
          32 kB
        23. 1D0-1055-24-D-exam-questions.pdf
          35 kB
        24. 1D0-1056-24-D-pdf-download.pdf
          34 kB
        25. 1D0-1058-23-D-test-prep.pdf
          37 kB
        26. 1D0-1058-24-D-sample-test.pdf
          35 kB
        27. 1D0-1059-24-D-questions-and-answers.pdf
          35 kB
        28. 1D0-1060-23-D-Study-Guide.pdf
          38 kB
        29. 1D0-1060-24-D-braindumps.pdf
          35 kB
        30. 1D0-1061-24-D-PDF-Download.pdf
          34 kB
        31. 1D0-1064-24-D-Practice-Test.pdf
          37 kB
        32. 1D0-1065-24-D-real-questions.pdf
          34 kB
        33. 1D0-1066-24-D-practice-questions.pdf
          36 kB
        34. 1D0-1068-24-D-Exam-Braindumps.pdf
          33 kB
        35. 1D0-1069-23-D-real-questions.pdf
          35 kB
        36. 1D0-1073-23-D-Exam-dumps.pdf
          35 kB
        37. 1D0-1073-24-D-braindumps.pdf
          35 kB
        38. 1D0-1074-24-D-Dumps.pdf
          36 kB
        39. 1D0-1075-24-D-brain-dumps.pdf
          34 kB
        40. 1D0-1077-24-D-Practice-test.pdf
          34 kB
        41. 1D0-1078-24-D-exam-prep.pdf
          35 kB
        42. 1D0-1079-23-D-Questions-and-Answers.pdf
          37 kB
        43. 1D0-1079-24-D-examcollection.pdf
          29 kB
        44. 1D0-1080-24-D-real-questions.pdf
          35 kB
        45. 1D0-1081-24-D-PDF-Dumps.pdf
          30 kB
        46. 1D0-1083-23-D-practice-test.pdf
          34 kB
        47. 1D0-1083-24-D-bootcamp.pdf
          36 kB
        48. 1D0-1086-24-D-PDF-Questions.pdf
          36 kB
        49. 1D0-1087-24-D-exam-dumps.pdf
          34 kB
        50. 1D0-1095-24-D-free-pdf.pdf
          34 kB
        51. 1D0-1138-24-D-Practice-Test.pdf
          33 kB
        52. 1D0-340-24-D-Test-Prep.pdf
          36 kB
        53. 1Z0-071-sample-test.pdf
          320 kB
        54. 1Z0-076-exam-questions.pdf
          315 kB
        55. 1Z0-1003-23-sample-test.pdf
          34 kB
        56. 1Z0-1003-24-Question-Bank.pdf
          33 kB
        57. 1Z0-1033-24-Real-Exam-Questions.pdf
          35 kB
        58. 1Z0-1035-24-practice-exam.pdf
          33 kB
        59. 1Z0-1042-24-examcollection.pdf
          294 kB
        60. 1Z0-1045-24-Question-Bank.pdf
          125 kB
        61. 1Z0-1046-24-VCE.pdf
          33 kB
        62. 1Z0-1047-24-PDF-Dumps.pdf
          283 kB
        63. 1Z0-1048-24-Exam-Questions.pdf
          35 kB
        64. 1Z0-1049-24-Study-Guide.pdf
          34 kB
        65. 1Z0-1051-24-questions-answers.pdf
          33 kB
        66. 1Z0-1052-24-braindumps.pdf
          112 kB
        67. 1Z0-1053-24-Free-PDF.pdf
          36 kB
        68. 1Z0-1054-24-PDF-Braindumps.pdf
          35 kB
        69. 1Z0-1056-24-free-pdf.pdf
          36 kB
        70. 1Z0-1059-24-questions-and-answers.pdf
          36 kB
        71. 1Z0-1060-24-braindumps.pdf
          291 kB
        72. 1Z0-1061-24-Free-Exam-PDF.pdf
          35 kB
        73. 1Z0-1064-24-practice-questions.pdf
          36 kB
        74. 1Z0-1065-24-test-questions.pdf
          35 kB
        75. 1Z0-1066-24-free-pdf.pdf
          288 kB
        76. 1Z0-1067-24-cram.pdf
          289 kB
        77. 1Z0-1068-24-Latest-Questions.pdf
          29 kB
        78. 1Z0-106-practice-test.pdf
          281 kB
        79. 1Z0-1071-24-real-questions.pdf
          34 kB
        80. 1Z0-1072-24-VCE.pdf
          282 kB
        81. 1Z0-1073-23-dump.pdf
          34 kB
        82. 1Z0-1073-24-exam-prep.pdf
          35 kB
        83. 1Z0-1074-23-test-prep.pdf
          293 kB
        84. 1Z0-1074-24-Exam-Questions.pdf
          37 kB
        85. 1Z0-1075-24-test-prep.pdf
          318 kB
        86. 1Z0-1077-24-braindumps.pdf
          34 kB
        87. 1Z0-1078-24-test-prep.pdf
          35 kB
        88. 1Z0-1080-24-braindumps.pdf
          35 kB
        89. 1Z0-1081-24-Exam-Cram.pdf
          37 kB
        90. 1Z0-1082-24-study-guide.pdf
          36 kB
        91. 1Z0-1083-24-study-guide.pdf
          36 kB
        92. 1Z0-1084-24-study-guide.pdf
          296 kB
        93. 1Z0-1085-24-practice-exam.pdf
          284 kB
        94. 1Z0-1086-23-braindumps.pdf
          108 kB
        95. 1Z0-1086-24-Actual-Questions.pdf
          37 kB
        96. 1Z0-1087-23-exam-prep.pdf
          282 kB
        97. 1Z0-1087-24-real-questions.pdf
          34 kB
        98. 1Z0-1095-24-practice-test.pdf
          35 kB
        99. 1Z0-1108-2-Questions-and-Answers.pdf
          37 kB
        100. 1Z0-1109-24-exam-prep.pdf
          363 kB
        101. 1Z0-1119-1-practice-exam.pdf
          253 kB
        102. 1Z0-1122-24-cram.pdf
          295 kB
        103. 1Z0-1123-24-braindumps.pdf
          289 kB
        104. 1Z0-1124-24-free-pdf.pdf
          35 kB
        105. 1Z0-1127-24-Practice-test.pdf
          289 kB
        106. 1Z0-1138-24-Questions-and-Answers.pdf
          35 kB
        107. 1Z0-340-24-cheat-sheet.pdf
          33 kB
        108. 1Z0-915-1-Exam-Questions.pdf
          302 kB
        109. 250-580-braindumps.pdf
          300 kB
        110. 250-586-questions-answers.pdf
          307 kB
        111. 2V0-31-24-Exam-Questions.pdf
          319 kB
        112. 2V0-32-22-cheat-sheets.pdf
          322 kB
        113. 2V0-41-24-free-pdf.pdf
          286 kB
        114. 300-440-test-questions.pdf
          667 kB
        115. 303-questions-and-answers.pdf
          278 kB
        116. 312-40-brain-dumps.pdf
          296 kB
        117. 3V0-31-22-Practice-Test.pdf
          269 kB
        118. 3V0-61-24-dumps.pdf
          38 kB
        119. 402-Dumps.pdf
          274 kB
        120. 5V0-31-23-brain-dumps.pdf
          299 kB
        121. 5V0-33-23-braindumps.pdf
          36 kB
        122. 5V0-63-21-Questions-and-Answers.pdf
          307 kB
        123. 700-245-test-prep.pdf
          304 kB
        124. 700-695-exam-prep.pdf
          293 kB
        125. 700-750-braindumps.pdf
          284 kB
        126. 700-826-free-pdf.pdf
          297 kB
        127. 78201X-dumps-questions.pdf
          284 kB
        128. 8020-mock-exam.pdf
          318 kB
        129. AACE-PSP-real-questions.pdf
          280 kB
        130. AAFCS-exam-questions.pdf
          36 kB
        131. ABCTE-Biology-exam-dumps.pdf
          35 kB
        132. AB-free-pdf.pdf
          33 kB
        133. ABVM-ENDO-practice-test.pdf
          34 kB
        134. ABVM-VASC-cheat-sheets.pdf
          34 kB
        135. ACA100-exam-prep.pdf
          307 kB
        136. ACCESS-DEF-exam-dumps.pdf
          334 kB
        137. ACCS-Practice-Test.pdf
          33 kB
        138. ACCUPLACER-Questions-and-Answers.pdf
          35 kB
        139. ACD101-study-guide.pdf
          280 kB
        140. ACE-GFI-test-prep.pdf
          34 kB
        141. ACS-Actual-Questions.pdf
          33 kB
        142. ACS-General-Chemistry-Practice-Test.pdf
          40 kB
        143. ACT-Aspire-real-questions.pdf
          35 kB
        144. ACT-Exam-Questions.pdf
          28 kB
        145. AD0-E124-Free-PDF.pdf
          34 kB
        146. AD0-E126-mock-exam.pdf
          290 kB
        147. AD0-E207-PDF-Braindumps.pdf
          301 kB
        148. AD0-E212-questions-and-answers.pdf
          36 kB
        149. AD0-E330-dumps.pdf
          286 kB
        150. AD0-E555-questions-answers.pdf
          681 kB
        151. AD0-E906-braindumps.pdf
          303 kB
        152. AD0-E908-PDF-Download.pdf
          294 kB
        153. Advanced-CAMS-Audit-real-questions.pdf
          304 kB

              Unassigned Unassigned
              arjan.tijms@gmail.com Arjan Tijms (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated: