[
https://issues.apache.org/jira/browse/KARAF-6158?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16770159#comment-16770159
]
Matt Pavlovich commented on KARAF-6158:
---------------------------------------
I haven't had a chance to debug this down. What it appears is that all the
Principals get thrown into a single Set<> or List<> and I suspect somewhere in
the layers, someone is pulling off the first Principal and expecting it to be
the UserPrincipal for the SecurityContext. Off topic <being rant>Why the
SecurityContext does not include all principal is beyond me!</end rant>
> SecurityContext returns RolePrincipal instead of UserPrincipal in JAX-RS
> ------------------------------------------------------------------------
>
> Key: KARAF-6158
> URL: https://issues.apache.org/jira/browse/KARAF-6158
> Project: Karaf
> Issue Type: Bug
> Affects Versions: 4.1.5
> Reporter: Matt Pavlovich
> Assignee: Jean-Baptiste Onofré
> Priority: Major
>
> The SecurityContext in a CXFJAX-RS service is ~75% of the time returning a
> RolePrincipal instead of UserPrincipal.
> * Custom JAAS provider
> * Only one JAAS provider
> * Realm named 'karaf'
> Seems like same issue posted to karaf-users mailinglist [Nabble
> link|http://karaf.922171.n3.nabble.com/securityContext-getUserPrincipal-in-JAX-RS-return-unexpected-RolePrincipal-Why-tt4053628.html]
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
