Colm O hEigeartaigh created CXF-5603:
----------------------------------------
Summary: The DefaultSecurityContext should use a supplied username
to help find the User Principal
Key: CXF-5603
URL: https://issues.apache.org/jira/browse/CXF-5603
Project: CXF
Issue Type: Bug
Affects Versions: 2.7.10
Reporter: Colm O hEigeartaigh
Assignee: Colm O hEigeartaigh
Fix For: 3.0.0, 2.7.11

The JAASLoginInterceptor populates the DefaultSecurityContext using the
authenticated JAAS Subject. It tries to find the user principal, as opposed to
the roles, by finding the first non-Group principal. However, in the case of a
JAAS implementation that doesn't store roles as Groups, it may end up storing a
role as the user principal. This task is to first try to match the given
username against the non-Group principals, and then to default to the old
behaviour.
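
The lookup order described in this issue, as an added example that is not CXF's own code. It contrasts "first non-Group principal" with "match the supplied username first, then fall back". The `GroupPrincipal` marker (a stand-in for the JAAS Group type), `SimplePrincipal`, the method names and the sample principal names are assumptions made for illustration.

```java
import java.security.Principal;
import java.util.LinkedHashSet;
import java.util.Set;

public class PrincipalLookupExample {
    // Hypothetical stand-in for a JAAS "Group" principal type.
    interface GroupPrincipal extends Principal { }

    // Plain principal, as used by a login module that does not model roles as Groups.
    static final class SimplePrincipal implements Principal {
        private final String name;
        SimplePrincipal(String name) { this.name = name; }
        @Override public String getName() { return name; }
    }

    // Old behaviour: the first non-Group principal is taken as the user.
    static Principal firstNonGroup(Set<Principal> principals) {
        for (Principal p : principals) {
            if (!(p instanceof GroupPrincipal)) {
                return p;
            }
        }
        return null;
    }

    // Behaviour described in the issue: prefer a non-Group principal whose
    // name equals the supplied username, then default to the old behaviour.
    static Principal findUserPrincipal(Set<Principal> principals, String username) {
        if (username != null) {
            for (Principal p : principals) {
                if (!(p instanceof GroupPrincipal) && username.equals(p.getName())) {
                    return p;
                }
            }
        }
        return firstNonGroup(principals);
    }

    public static void main(String[] args) {
        // Constructed sample: the role is stored as a plain Principal and comes first.
        Set<Principal> principals = new LinkedHashSet<>();
        principals.add(new SimplePrincipal("admin-role"));
        principals.add(new SimplePrincipal("alice"));

        System.out.println("old lookup:        " + firstNonGroup(principals).getName());
        System.out.println("username 'alice':  " + findUserPrincipal(principals, "alice").getName());
        System.out.println("unknown username:  " + findUserPrincipal(principals, "bob").getName());
    }
}
```

With the old lookup, any authorization decision or audit log entry that reads the user principal sees the role name instead of the authenticated user.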