[jira] [Updated] (OAK-1404) Pre-Authenticated login does not propagate principals in subject to AuthInfo class.

Tobias Bocanegra (JIRA) Thu, 06 Feb 2014 22:27:47 -0800

     [ 
https://issues.apache.org/jira/browse/OAK-1404?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Tobias Bocanegra updated OAK-1404:
----------------------------------

    Description: 
Example:

{code}
systemSession = Subject.doAs(SystemSubject.INSTANCE, new 
PrivilegedExceptionAction<ContentSession>() {
    @Override
    public ContentSession run() throws LoginException, NoSuchWorkspaceException 
{
        return repository.login(null, null);
    }
});
{code}

Produces a session with no permissions.

I think there are 2 issues:

1. Pre-Authenticated logins do not set an AuthInfo to the public credentials of 
the Subject.
2. the AbstractAccessControlManager uses the AuthInfo.getPrincipals() to 
retrieve them. IMO, the principals should always match those of the subject and 
be retrieved from there.



  was:
Example:

{code}
systemSession = Subject.doAs(SystemSubject.INSTANCE, new 
PrivilegedExceptionAction<ContentSession>() {
    @Override
    public ContentSession run() throws LoginException, NoSuchWorkspaceException 
{
        return repository.login(null, null);
    }
});
{code}

Produces a session with no permissions.

I think there are 2 issues:

1. Pre-Authenticated logins do not set an AuthInfo to the public credentials of 
the login context.
2. the AbstractAccessControlManager uses the AuthInfo.getPrincipals() to 
retrieve them. IMO, the principals should always match those of the subject and 
be retrieved from there.




> Pre-Authenticated login does not propagate principals in subject to AuthInfo 
> class.
> -----------------------------------------------------------------------------------
>
>                 Key: OAK-1404
>                 URL: https://issues.apache.org/jira/browse/OAK-1404
>             Project: Jackrabbit Oak
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 0.15
>            Reporter: Tobias Bocanegra
>
> Example:
> {code}
> systemSession = Subject.doAs(SystemSubject.INSTANCE, new 
> PrivilegedExceptionAction<ContentSession>() {
>     @Override
>     public ContentSession run() throws LoginException, 
> NoSuchWorkspaceException {
>         return repository.login(null, null);
>     }
> });
> {code}
> Produces a session with no permissions.
> I think there are 2 issues:
> 1. Pre-Authenticated logins do not set an AuthInfo to the public credentials 
> of the Subject.
> 2. the AbstractAccessControlManager uses the AuthInfo.getPrincipals() to 
> retrieve them. IMO, the principals should always match those of the subject 
> and be retrieved from there.



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)

[jira] [Updated] (OAK-1404) Pre-Authenticated login does not propagate principals in subject to AuthInfo class.

Reply via email to