  1. WildFly Core
  2. WFCORE-5809

Add possibility to obtain custom principal from Elytron

Details

    • Feature Request
    • Resolution: Done
    • Major
    • None
    • None
    • Security
    • None

    Description

      Users migrating from legacy security that were using custom login modules could use custom principals as well. 

      Elytron realms require the principal to be an instance of NamePrincipal for authentication. All current principal transformers take place before authentication, and NamePrincipal is a final class, so custom principals cannot be returned from Elytron.

      The current solution for such users is to use the SecurityIdentity obtained from the current SecurityDomain and utilize the SecurityIdentity's attributes to obtain information from realms. This solution has the drawback of having to change the application code when migrating and having to rely on SecurityDomain and SecurityIdentity instead of more generic and standardized methods like SecurityContext.getCallerPrincipal().

      This issue is to add the possibility to obtain a custom principal from Elytron. A possible solution is to introduce a new principal transformer resource that takes place after authentication and can use the SecurityIdentity's attributes to transfer information and map it to a custom principal type at the end.

            People

              Unassigned
              dvilkola@redhat.com Diana Krepinska
              Votes: 4
              Watchers: 7
