PicketBox / SECURITY-905

Add protection of our GSSCredential added by the KerberosLoginModule

Details

    Description

      A GSSManager implementation can have an optimisation that attempts to obtain the GSSCredential from the private credentials in the Subject. In some situations, such as JDBC drivers, this can mean that a driver gets direct access to the credential we are supposed to be managing the lifecycle of.

      The optimisation is based on checking if it is an instance of GSSCredentialImpl - if not then GSSManager creates a new instance.

      This Jira issue is to wrap the instance we place in the Subject to prevent the optimisation kicking in. This then means code using the credential, such as a JDBC driver, is free to do what it wants with its own credential without impacting on ours.

            People

              darran.lofthouse@redhat.com Darran Lofthouse