[
https://issues.apache.org/jira/browse/GERONIMO-3406?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
David Jencks closed GERONIMO-3406.
----------------------------------
Resolution: Fixed
Kevan merged this into 2.0.1 in rev 565912 and 2.0-SNAPSHOT in rev 565936
> "Auxilliary" login modules are mostly returning true instead of false
> ---------------------------------------------------------------------
>
> Key: GERONIMO-3406
> URL: https://issues.apache.org/jira/browse/GERONIMO-3406
> Project: Geronimo
> Issue Type: Bug
> Security Level: public(Regular issues)
> Components: security
> Affects Versions: 2.0, 2.0.x, 2.1
> Reporter: David Jencks
> Assignee: David Jencks
> Fix For: 2.0, 2.0.x, 2.1
>
>
> We have several login modules that don't do security checks but do look at
> and sometimes modify the Subject. These should never be able to result in a
> login succeeding, so they should be returning false from the various
> lifecycle methods.
> In a slightly related issue the SubjectRegistrationLoginModule should be
> first in the list so it will always get executed even if one of the other
> login modules is REQUISITE. This might mean we need to rethink if
> SubjectRegistrationLoginModule is an appropriate way to get the registration
> to happen.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
