Problem with Authentication using JBoss LDAP - custom LDAP roles such as 
"Authenticated" still required?
--------------------------------------------------------------------------------------------------------

                 Key: JSPWIKI-140
                 URL: https://issues.apache.org/jira/browse/JSPWIKI-140
             Project: JSPWiki
          Issue Type: Bug
          Components: Authentication&Authorization
    Affects Versions: 2.6.1
         Environment: JBoss 4.2.2
                      JspWiki 2.6.1 cvs 7
                      JRockit R27.4  (= JDK 1.6.0_02)

            Reporter: Milton Taylor


I'm having a problem that I think I have tracked down to this change? Maybe it 
doesn't quite work as it was intended:

From: Ver 2.5.26 change history

* Minor enhancement to WikiSession now allows full use of non-JSPWiki
        supplied JAAS LoginModules in the JSPWiki-custom configuration. Previously,
        we considered a user to be authenticated only if a LoginModule had added
        Role.AUTHENTICATED to the Subject's principal set. This is clearly
        unreasonable for LoginModules that have no knowledge of JSPWiki, such
        as Sun's supplied modules or third-party modules used for LDAP
        authentication. Now, we consider a user authenticated if they are
        not anonymous and not asserted, and we lazily add Role.AUTHENTICATED
        in these cases, after login.

I'm using container-managed authentication and the JBoss LDAP authenticator 
module. The authentication itself is not working properly unless the user is 
also a member of the role (LDAP group) "Authenticated". I first came across 
this issue when running an earlier version of 2.5, probably after this change 
was made; I'm not sure.

I turned on security logging to diagnose what was going on, and authentication 
itself is succeeding, but JSPWiki then goes looking for the Authenticated role 
in the principals, and of course is not finding it.  Is it possible there is a 
race condition here (esp. as I notice the observed behavior is actually quite 
erratic once you hit the login button on JSPWiki)?  If the Role.AUTHENTICATED 
is being added 'lazily', I think it's not being added quickly enough?




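Added example, not part of the original report and not JSPWiki's own code: a Java sketch of the status check the 2.5.26 change note describes, next to a check that only looks for the role principal. The `Named` record and the three constant principals are hypothetical stand-ins for JSPWiki's classes, treating an empty principal set as "not logged in" is an assumption, and the sample Subjects are constructed.

```java
import java.security.Principal;
import java.util.Set;
import javax.security.auth.Subject;

public class LazyAuthenticatedRole {
    // Hypothetical stand-in for JSPWiki's principal and role classes (Java 16+).
    record Named(String name) implements Principal {
        public String getName() { return name; }
    }
    static final Principal ANONYMOUS = new Named("Anonymous");
    static final Principal ASSERTED = new Named("Asserted");
    static final Principal AUTHENTICATED = new Named("Authenticated");

    // Check that trusts only what the LoginModule put in the Subject.
    // A module with no knowledge of the wiki never adds this principal.
    static boolean hasRolePrincipal(Subject s) {
        return s.getPrincipals().contains(AUTHENTICATED);
    }

    // Check from the change note: authenticated means not anonymous and not
    // asserted. The role is added in the same call, so any role lookup that
    // follows a positive answer finds it (no separate "later" step).
    static boolean isAuthenticated(Subject s) {
        Set<Principal> p = s.getPrincipals();
        // Assumption: an empty principal set means nobody has logged in.
        if (p.isEmpty() || p.contains(ANONYMOUS) || p.contains(ASSERTED)) {
            return false;
        }
        p.add(AUTHENTICATED); // Set.add is idempotent
        return true;
    }

    public static void main(String[] args) {
        // Constructed Subject as a container LDAP module might leave it:
        // a user principal and an LDAP group, but no wiki-specific role.
        Subject ldap = new Subject();
        ldap.getPrincipals().add(new Named("alice"));
        ldap.getPrincipals().add(new Named("wiki-editors"));
        System.out.println("role present after login: " + hasRolePrincipal(ldap));
        System.out.println("derived status:           " + isAuthenticated(ldap));
        System.out.println("role present afterwards:  " + hasRolePrincipal(ldap));

        Subject guest = new Subject();
        guest.getPrincipals().add(ANONYMOUS);
        System.out.println("anonymous derived status: " + isAuthenticated(guest));
    }
}
```

Any permission check that calls only the equivalent of `hasRolePrincipal` before the derived check has run will deny a user who logged in successfully, which is the ordering dependency to look for in security logs.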