[ https://issues.apache.org/jira/browse/OAK-1404?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13913041#comment-13913041 ]

angela commented on OAK-1404:
-----------------------------

regarding 1: that's the duty of the application that performs the authentication in the first place.
regarding 2: I don't want to spread the Subject throughout the code base as we did in jackrabbit core.
regarding workaround: fine with me.

> Pre-Authenticated login does not propagate principals in subject to AuthInfo class.
> -----------------------------------------------------------------------------------
>
>                 Key: OAK-1404
>                 URL: https://issues.apache.org/jira/browse/OAK-1404
>             Project: Jackrabbit Oak
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 0.15
>            Reporter: Tobias Bocanegra
>
> Example:
> {code}
> systemSession = Subject.doAs(SystemSubject.INSTANCE, new PrivilegedExceptionAction<ContentSession>() {
>     @Override
>     public ContentSession run() throws LoginException, NoSuchWorkspaceException {
>         return repository.login(null, null);
>     }
> });
> {code}
> Produces a session with no permissions.
> I think there are 2 issues:
> 1. Pre-Authenticated logins do not set an AuthInfo to the public credentials of the Subject.
> 2. the AbstractAccessControlManager uses the AuthInfo.getPrincipals() to retrieve them. IMO, the principals should always match those of the subject and be retrieved from there.



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
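The following is an added example (not code from the issue, from angela's comment, or from the Oak project) showing what "the duty of the application" from the comment above looks like in practice: the caller that performs a pre-authenticated login builds the Subject itself and puts an AuthInfo carrying the same principals into the Subject's public credentials before calling Subject.doAs, then verifies that the resulting session exposes those principals. It assumes the Oak types named in the issue (ContentRepository, ContentSession, AuthInfo) plus AuthInfoImpl from org.apache.jackrabbit.oak.spi.security.authentication, and assumes that repository.login(null, null) inside doAs picks up the pre-built AuthInfo, which is exactly the pre-authenticated path whose behaviour the issue discusses; the class and method names below are hypothetical.

```java
import java.security.Principal;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.Collections;
import java.util.Set;

import javax.jcr.NoSuchWorkspaceException;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginException;

import org.apache.jackrabbit.oak.api.AuthInfo;
import org.apache.jackrabbit.oak.api.ContentRepository;
import org.apache.jackrabbit.oak.api.ContentSession;
import org.apache.jackrabbit.oak.spi.security.authentication.AuthInfoImpl;

/** Hypothetical helper for pre-authenticated logins (added example, not Oak code). */
public final class PreAuthenticatedLogin {

    private PreAuthenticatedLogin() {
    }

    /**
     * Performs a pre-authenticated login for a caller that has already
     * authenticated {@code userId} by its own means. The application (not Oak)
     * is responsible for placing an AuthInfo in the Subject's public
     * credentials, so that AuthInfo.getPrincipals() - which the access control
     * manager consults for permission evaluation - matches Subject.getPrincipals().
     */
    public static ContentSession login(final ContentRepository repository,
                                       String userId,
                                       Set<? extends Principal> principals)
            throws LoginException, NoSuchWorkspaceException {
        Subject subject = new Subject();
        subject.getPrincipals().addAll(principals);

        // AuthInfoImpl(userID, attributes, principals): Oak's AuthInfo implementation.
        AuthInfo authInfo = new AuthInfoImpl(userId, Collections.<String, Object>emptyMap(), principals);
        subject.getPublicCredentials().add(authInfo);
        // Freeze the Subject so nothing downstream can widen its principal set.
        subject.setReadOnly();

        ContentSession session;
        try {
            session = Subject.doAs(subject, new PrivilegedExceptionAction<ContentSession>() {
                @Override
                public ContentSession run() throws LoginException, NoSuchWorkspaceException {
                    // null credentials: the Subject established above is the authentication.
                    return repository.login(null, null);
                }
            });
        } catch (PrivilegedActionException e) {
            Exception cause = e.getException();
            if (cause instanceof LoginException) {
                throw (LoginException) cause;
            }
            if (cause instanceof NoSuchWorkspaceException) {
                throw (NoSuchWorkspaceException) cause;
            }
            throw new LoginException("pre-authenticated login failed: " + cause);
        }

        // Defensive check for the symptom described in the issue: a session whose
        // AuthInfo carries no (or different) principals would be evaluated with
        // no permissions. Fail closed rather than hand out a half-configured session.
        Set<Principal> sessionPrincipals = session.getAuthInfo().getPrincipals();
        if (!sessionPrincipals.equals(subject.getPrincipals())) {
            session.close();
            throw new LoginException("AuthInfo principals " + sessionPrincipals
                    + " do not match Subject principals " + subject.getPrincipals());
        }
        return session;
    }
}
```

The check at the end is deliberately strict: if the AuthInfo in the returned session does not carry exactly the Subject's principals, the session is closed and the login fails, because a session that silently evaluates permissions against an empty principal set is the failure mode the issue reports.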