[
https://issues.apache.org/jira/browse/OAK-8404?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16867510#comment-16867510
]
angela edited comment on OAK-8404 at 6/19/19 1:20 PM:
------------------------------------------------------
[~baedke], I am not totally convinced the patch is correct... Can you
elaborate why you want to add the extra check for admin principals? Also: the
option you are looking for is part of the default authorization configuration.
I am not sure that it will show up in the {{AbstractLoginModule}} options.
And on second thought: isn't the assumption rather incorrect that there must
be principals _and_ public credentials present in a subject in order for the
logout to be successful? I guess a test case illustrating the issue you wish to
fix would be helpful. The authentication chain doesn't make any difference
between admin and non-admin login and I suspect the admin-case is a special
case of a broader issue.
cc: [~stillalex]
> AbstractLoginModule#logout() may fail for impersonated users whose subject
> provides admin credentials
> -----------------------------------------------------------------------------------------------------
>
> Key: OAK-8404
> URL: https://issues.apache.org/jira/browse/OAK-8404
> Project: Jackrabbit Oak
> Issue Type: Bug
> Components: security-spi
> Reporter: Manfred Baedke
> Assignee: Manfred Baedke
> Priority: Major
> Attachments: oak-8404.patch
>
>
> More precisely, this will happen when the subject doesn't provide public
> credentials.