Posted to dev@geronimo.apache.org by "Aaron Mulder (JIRA)" <de...@geronimo.apache.org> on 2005/11/20 05:40:24 UTC

[jira] Created: (GERONIMO-1205) Security realms load XML login module definitions in reverse order

Security realms load XML login module definitions in reverse order
------------------------------------------------------------------

         Key: GERONIMO-1205
         URL: http://issues.apache.org/jira/browse/GERONIMO-1205
     Project: Geronimo
        Type: Bug
  Components: security  
    Versions: 1.0-M5    
    Reporter: Aaron Mulder
 Assigned to: Aaron Mulder 
    Priority: Critical
     Fix For: 1.0


When you use a LoginConfig XML element to define a series of Login Modules, the LoginConfigBuilder links them up backward (apparently because it was more straightforward to code that way).  However, login modules are sensitive to ordering, as based on the control flag, the results of certain modules may prevent a login process from ever reaching other modules.

Confirmed that JaasLoginModuleUse.next and GenericSecurityRealm.getAppConfigurationEntries both list modules in reverse order.  JaasLoginService puts them in JaasSecuritySession in the same bad order.  Doesn't look like anything that uses JaasSecuritySession reverses the order again to correct it.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira
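
The ordering sensitivity described in the issue above, as an added example (not Geronimo code and not part of the original message): a small simulation of the JAAS control-flag rules, run over the same two entries in declared and in reversed order. The module names, their fixed outcomes and the locked-account scenario are constructed for illustration.

```java
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;

public class LoginOrderDemo {
    // Hypothetical stand-in for one configured login module and its fixed result.
    static final class Entry {
        final String name; final LoginModuleControlFlag flag; final boolean succeeds;
        Entry(String name, LoginModuleControlFlag flag, boolean succeeds) {
            this.name = name; this.flag = flag; this.succeeds = succeeds;
        }
    }

    // Applies the JAAS control-flag rules to the entries in list order.
    static boolean authenticate(List<Entry> entries) {
        boolean requiredFailed = false, hasRequired = false, anySucceeded = false;
        for (Entry e : entries) {
            System.out.println("  consulting " + e.name + " -> " + (e.succeeds ? "ok" : "FAIL"));
            boolean mandatory = e.flag == LoginModuleControlFlag.REQUIRED
                             || e.flag == LoginModuleControlFlag.REQUISITE;
            hasRequired |= mandatory;
            anySucceeded |= e.succeeds;
            if (mandatory && !e.succeeds) {
                requiredFailed = true;
                // A failed REQUISITE module stops the walk: later modules never run.
                if (e.flag == LoginModuleControlFlag.REQUISITE) return false;
            }
            // A successful SUFFICIENT module ends the walk if nothing mandatory failed before it.
            if (e.flag == LoginModuleControlFlag.SUFFICIENT && e.succeeds && !requiredFailed) {
                return true;
            }
        }
        return hasRequired ? !requiredFailed : anySucceeded;
    }

    public static void main(String[] args) {
        // Constructed scenario: a locked account presenting a correct password.
        List<Entry> declared = new ArrayList<>();
        declared.add(new Entry("account-lockout-check", LoginModuleControlFlag.REQUISITE, false));
        declared.add(new Entry("password-check", LoginModuleControlFlag.SUFFICIENT, true));
        List<Entry> reversed = new ArrayList<>(declared);
        Collections.reverse(reversed);

        System.out.println("declared order:");
        System.out.println("  login allowed = " + authenticate(declared));
        System.out.println("reversed order:");
        System.out.println("  login allowed = " + authenticate(reversed));
    }
}
```

In declared order the REQUISITE check fails and the login is refused before the password module runs; in reversed order the SUFFICIENT password module succeeds first and the lockout check is never consulted.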


[jira] Resolved: (GERONIMO-1205) Security realms load XML login module definitions in reverse order

Posted by "Aaron Mulder (JIRA)" <de...@geronimo.apache.org>.
     [ http://issues.apache.org/jira/browse/GERONIMO-1205?page=all ]
     
Aaron Mulder resolved GERONIMO-1205:
------------------------------------

    Resolution: Fixed

Revision 345728

> Security realms load XML login module definitions in reverse order
> ------------------------------------------------------------------
>
>          Key: GERONIMO-1205
>          URL: http://issues.apache.org/jira/browse/GERONIMO-1205
>      Project: Geronimo
>         Type: Bug
>   Components: security
>     Versions: 1.0-M5
>     Reporter: Aaron Mulder
>     Assignee: Aaron Mulder
>     Priority: Critical
>      Fix For: 1.0

>
> When you use a LoginConfig XML element to define a series of Login Modules, the LoginConfigBuilder links them up backward (apparently because it was more straightforward to code that way).  However, login modules are sensitive to ordering, as based on the control flag, the results of certain modules may prevent a login process from ever reaching other modules.
> Confirmed that JaasLoginModuleUse.next and GenericSecurityRealm.getAppConfigurationEntries both list modules in reverse order.  JaasLoginService puts them in JaasSecuritySession in the same bad order.  Doesn't look like anything that uses JaasSecuritySession reverses the order again to correct it.
