Ok. I can't find that original bug number though, can you?
----- Original Message -----
From: "Rasmussen Jason-P27798" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, July 13, 2001 10:38 AM
Subject: [JBoss-dev] Bug 439813 - Not fixed properly
> The JaasSecurityManager does not set the activeSubject for the thread
after the unauthenticated user has already been authenticated. The problem
exists in the method validateCache, please see the code segments below.
>
> Jason Rasmussen
> [EMAIL PROTECTED]
>
> ***** Original Code ********
> /** Validate the cache credential value against the provided credential.
>  *
>  * This is the original version that the report describes as broken.
>  * Reviewer notes, all read directly from the statements below:
>  * - When credential and info.credential are both null, isValid becomes true
>  *   and the method returns from the early "isValid == true" check. That
>  *   return happens before the final block that calls
>  *   activeSubject.set(info.subject), so the subject is never set on this path.
>  * - When credential is null but info.credential is not, control falls
>  *   through to credential.getClass(), which throws NullPointerException.
>  * - When info.credential is null but credential is not,
>  *   subjectCredential.getClass() throws NullPointerException.
>  *
>  * @param info the cached domain entry; its credential and subject fields are read
>  * @param credential the credential presented by the caller; may be null
>  * @return true if the presented credential matches the cached credential
>  */
> private boolean validateCache(DomainInfo info, Object credential)
> {
> Object subjectCredential = info.credential;
> boolean isValid = false;
> // Check for a null credential as can be the case for an anonymou
user
> if( credential == null )
> {
> // Subject credential must also be null
> isValid = subjectCredential == null;
> }
> if( isValid == true ) // early exit: the activeSubject.set() call at the end is skipped
> return true;
>
> if(
subjectCredential.getClass().isAssignableFrom(credential.getClass()) ==
false )
> return false; // presented credential's class is not assignable to the cached credential's class
>
> if( subjectCredential instanceof Comparable )
> {
> Comparable c = (Comparable) subjectCredential;
> isValid = c.compareTo(credential) == 0;
> }
> else if( subjectCredential instanceof char[] )
> {
> char[] a1 = (char[]) subjectCredential;
> char[] a2 = (char[]) credential;
> isValid = Arrays.equals(a1, a2);
> }
> else if( subjectCredential instanceof byte[] )
> {
> byte[] a1 = (byte[]) subjectCredential;
> byte[] a2 = (byte[]) credential;
> isValid = Arrays.equals(a1, a2);
> }
> else
> {
> isValid = subjectCredential.equals(credential);
> }
>
> if( isValid )
> {
> activeSubject.set(info.subject); // not reached when the early return above fires
> }
>
> return isValid;
> }
>
> ***** Suggested Fix ********
>
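> /** Validate the cache credential value against the provided credential.
>  *
>  * A null presented credential (the anonymous-user case) is valid only when
>  * the cached credential is also null. A non-null presented credential never
>  * matches a null cached credential. Otherwise the two values are compared by
>  * compareTo, Arrays.equals or equals, depending on the cached credential's
>  * type. Every successful path, including the anonymous one, reaches
>  * activeSubject.set(info.subject) before returning.
>  *
>  * NOTE(review): compareTo, Arrays.equals and equals are not documented as
>  * constant-time. If this check can be driven repeatedly by remote callers,
>  * consider a constant-time comparison for the char[] and byte[] cases.
>  *
>  * @param info the cached domain entry; its credential and subject fields are read
>  * @param credential the credential presented by the caller; may be null
>  * @return true if the presented credential matches the cached credential
>  */
> private boolean validateCache(DomainInfo info, Object credential)
> {
>    Object subjectCredential = info.credential;
>    boolean isValid = false;
>    // Check for a null credential as can be the case for an anonymous user
>    if( credential == null )
>    {
>       // Subject credential must also be null
>       isValid = subjectCredential == null;
>    }
>    else if( subjectCredential == null )
>    {
>       // The cached entry holds no credential but one was presented.
>       // Reject explicitly instead of failing with a NullPointerException
>       // on subjectCredential.getClass() below.
>       isValid = false;
>    }
>    else
>    {
>       // The presented credential must be type-compatible with the cached
>       // one before any of the casts below are attempted.
>       if( subjectCredential.getClass().isAssignableFrom(credential.getClass()) == false )
>          return false;
>
>       if( subjectCredential instanceof Comparable )
>       {
>          Comparable c = (Comparable) subjectCredential;
>          isValid = c.compareTo(credential) == 0;
>       }
>       else if( subjectCredential instanceof char[] )
>       {
>          char[] a1 = (char[]) subjectCredential;
>          char[] a2 = (char[]) credential;
>          isValid = Arrays.equals(a1, a2);
>       }
>       else if( subjectCredential instanceof byte[] )
>       {
>          byte[] a1 = (byte[]) subjectCredential;
>          byte[] a2 = (byte[]) credential;
>          isValid = Arrays.equals(a1, a2);
>       }
>       else
>       {
>          isValid = subjectCredential.equals(credential);
>       }
>    }
>
>    // Single exit point for success, so the anonymous path also sets the subject.
>    if( isValid )
>    {
>       activeSubject.set(info.subject);
>    }
>
>    return isValid;
> }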
>