[
https://issues.apache.org/jira/browse/CXF-5603?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Colm O hEigeartaigh resolved CXF-5603.
--------------------------------------
Resolution: Fixed
> The DefaultSecurityContext should use a supplied username to help find the
> User Principal
> -----------------------------------------------------------------------------------------
>
> Key: CXF-5603
> URL: https://issues.apache.org/jira/browse/CXF-5603
> Project: CXF
> Issue Type: Bug
> Affects Versions: 2.7.10
> Reporter: Colm O hEigeartaigh
> Assignee: Colm O hEigeartaigh
> Fix For: 3.0.0, 2.7.11
>
>
> The JAASLoginInterceptor populates the DefaultSecurityContext using the
> authenticated JAAS Subject. It tries to find the user principal, as opposed
> to the roles, by finding the first non-Group principal. However, in the case
> of a JAAS implementation that doesn't store roles as Groups, it may end up
> storing a role as the user principal. This task is to first try to match the
> given username against the non-Group principals, and then to default to the
> old behaviour.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
