Posted to oak-issues@jackrabbit.apache.org by "angela (JIRA)" <ji...@apache.org> on 2019/06/19 13:21:00 UTC

[jira] [Comment Edited] (OAK-8404) AbstractLoginModule#logout() may fail for impersonated users whose subject provides admin credentials

    [ https://issues.apache.org/jira/browse/OAK-8404?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16867510#comment-16867510 ] 

angela edited comment on OAK-8404 at 6/19/19 1:20 PM:
------------------------------------------------------

[~baedke], I am not totally convinced the patch is correct... Can you elaborate why you want to add the extra check for admin principals? Also: the option you are looking for is part of the default authorization configuration. I am not sure that it will show up in the {{AbstractLoginModule}} options.

And on second thought: isn't the assumption rather incorrect that there must be principals _and_ public credentials present in a subject in order for the logout to be successful? I guess a test case illustrating the issue you wish to fix would be helpful. The authentication chain doesn't make any difference between admin and non-admin login, and I suspect the admin case is a special case of a broader issue.

cc: [~stillalex]


was (Author: anchela):
[~baedke], I am not totally convinced the patch is correct... Can you elaborate why you want to add the extra check for admin principals? Also: the option you are looking for is part of the default authorization configuration. I am not sure that it will show up in the {{AbstractLoginModule}} options.

cc: [~stillalex]

> AbstractLoginModule#logout() may fail for impersonated users whose subject provides admin credentials
> -----------------------------------------------------------------------------------------------------
>
>                 Key: OAK-8404
>                 URL: https://issues.apache.org/jira/browse/OAK-8404
>             Project: Jackrabbit Oak
>          Issue Type: Bug
>          Components: security-spi
>            Reporter: Manfred Baedke
>            Assignee: Manfred Baedke
>            Priority: Major
>         Attachments: oak-8404.patch
>
>
> More precisely, this will happen when the subject doesn't provide public credentials.


