Tobias Bocanegra created OAK-1404:
-------------------------------------
Summary: Pre-Authenticated login does not propagate principals in
subject to AuthInfo class.
Key: OAK-1404
URL: https://issues.apache.org/jira/browse/OAK-1404
Project: Jackrabbit Oak
Issue Type: Bug
Components: security
Affects Versions: 0.15
Reporter: Tobias Bocanegra
Example:
{code}
systemSession = Subject.doAs(SystemSubject.INSTANCE, new PrivilegedExceptionAction<ContentSession>() {
    @Override
    public ContentSession run() throws LoginException, NoSuchWorkspaceException {
        return repository.login(null, null);
    }
});
{code}
Produces a session with no permissions.
I think there are 2 issues:
1. Pre-Authenticated logins do not set an AuthInfo to the public credentials of
the login context.
2. The AbstractAccessControlManager uses the AuthInfo.getPrincipals() to
retrieve them. IMO, the principals should always match those of the subject and
be retrieved from there.
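A regression check for the behaviour reported above, as an added example that is not part of the original report or of Oak's code base: it performs the same pre-authenticated login and returns the Subject principals that are absent from the session's AuthInfo. The class and method names are hypothetical, and it assumes oak-core is on the classpath and that the caller supplies a ContentRepository.

```java
import java.security.Principal;
import java.security.PrivilegedExceptionAction;
import java.util.HashSet;
import java.util.Set;
import javax.security.auth.Subject;

import org.apache.jackrabbit.oak.api.ContentRepository;
import org.apache.jackrabbit.oak.api.ContentSession;

// Hypothetical helper for a test suite; not part of Oak.
public final class PreAuthPrincipalCheck {

    private PreAuthPrincipalCheck() {
    }

    /**
     * Logs in pre-authenticated as the given subject and returns every
     * principal of that subject that AuthInfo.getPrincipals() does not report.
     * An empty result means the principals were propagated to the AuthInfo.
     */
    public static Set<Principal> missingPrincipals(final ContentRepository repository,
                                                   Subject subject) throws Exception {
        ContentSession session = Subject.doAs(subject,
                new PrivilegedExceptionAction<ContentSession>() {
                    @Override
                    public ContentSession run() throws Exception {
                        // Pre-authenticated login: no credentials, default workspace.
                        return repository.login(null, null);
                    }
                });
        try {
            // Start from the subject's principals and remove those the
            // session's AuthInfo knows about; what remains was not propagated.
            Set<Principal> missing = new HashSet<Principal>(subject.getPrincipals());
            missing.removeAll(session.getAuthInfo().getPrincipals());
            return missing;
        } finally {
            session.close();
        }
    }
}
```

Called with SystemSubject.INSTANCE, a non-empty return value reproduces the mismatch between the subject and the AuthInfo that the report describes.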