Uploaded image for project: 'WildFly'
  1. WildFly
  2. WFLY-7096

Security domain casche dosn't respect infinispan settings

XMLWordPrintable

    • Icon: Feature Request Feature Request
    • Resolution: Won't Do
    • Icon: Major Major
    • None
    • 10.0.0.Final, 10.1.0.Final
    • Security
    • None

    • Tested on Windows 7

      In securitydomain we can set "casche-type" to infinispan. Auntentication request ara now stored in infinispan casch, but any settings of this casche (configured in infinispan subsystem) are not applied. Casche is always stored in memory and never expiries.

      This is serious security issue because after first authentication request credentials, will never be verified again.

        1. standalone.xml
          21 kB
        2. test_webapp.zip
          2 kB
        3. patch.txt
          2 kB

              darran.lofthouse@redhat.com Darran Lofthouse
              marcinf_jira Marcin Fatyga (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: