clebertsuconic commented on code in PR #5518: URL: https://github.com/apache/activemq-artemis/pull/5518#discussion_r1972764182
########## artemis-server/src/main/java/org/apache/activemq/artemis/core/security/impl/SecurityStoreImpl.java: ########## @@ -258,6 +263,27 @@ public String authenticate(final String user, return null; } + /* + * Verify that the Subject (if not null) contains at least one instance of the expected java.security.Principal + * implementation. This check is done before any caching because a failure here is considered an infrastructure + * failure and not something which should be cached as opposed to a "normal" authentication failure (e.g. wrong + * password) which should be cached. + */ + private boolean validateExpectedUserPrincipal(Subject subject) throws ClassNotFoundException { + if (subject != null) { + Class expectedPrincipal = UserPrincipal.class; + if (securityManager instanceof ActiveMQJAASSecurityManager jaasManager) { + expectedPrincipal = Class.forName(jaasManager.getUserPrincipalClass()); + } + + if (subject.getPrincipals(expectedPrincipal).size() == 0) {
Review Comment: That's very specific for the implementation, isn't it? Isn't there a way to make this more generic?
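Review bot: In validateExpectedUserPrincipal, "Class expectedPrincipal" is a raw type, and the class returned by Class.forName(jaasManager.getUserPrincipalClass()) is never checked to be a java.security.Principal implementation before it is handed to subject.getPrincipals(...). Declaring the variable as Class<? extends Principal> and loading it with Class.forName(...).asSubclass(Principal.class) would make a misconfigured class name fail explicitly at this point rather than pass through an unchecked call. The Class.forName lookup also sits inside the method, so it runs on every call; since the comment treats a failure here as an infrastructure failure, resolving the configured class once and reusing it would surface a bad class name earlier and keep ClassNotFoundException out of the authenticate path. Minor: getPrincipals(expectedPrincipal).size() == 0 reads more clearly as isEmpty().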