Posted to oak-issues@jackrabbit.apache.org by "angela (JIRA)" <ji...@apache.org> on 2019/06/19 13:21:00 UTC
[jira] [Comment Edited] (OAK-8404) AbstractLoginModule#logout() may
fail for impersonated users whose subject provides admin credentials
[ https://issues.apache.org/jira/browse/OAK-8404?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16867510#comment-16867510 ]
angela edited comment on OAK-8404 at 6/19/19 1:20 PM:
------------------------------------------------------
[~baedke], I am not totally convinced the patch is correct... Can you elaborate why you want to add the extra check for admin principals? Also: the option you are looking for is part of the default authorization configuration. I am not sure that it will show up in the {{AbstractLoginModule}} options.
And on second thought: isn't rather the assumption incorrect that there must be principals _and_ public credentials present in a subject in order for the logout to be successful? I guess a test case illustrating the issue you wish to fix would be helpful. The authentication chain doesn't make any difference between admin and non-admin login and I suspect the admin case is a special case of a broader issue.
cc: [~stillalex]
was (Author: anchela):
[~baedke], I am not totally convinced the patch is correct... Can you elaborate why you want to add the extra check for admin principals? Also: the option you are looking for is part of the default authorization configuration. I am not sure that it will show up in the {{AbstractLoginModule}} options.
cc: [~stillalex]
> AbstractLoginModule#logout() may fail for impersonated users whose subject provides admin credentials
> -----------------------------------------------------------------------------------------------------
>
> Key: OAK-8404
> URL: https://issues.apache.org/jira/browse/OAK-8404
> Project: Jackrabbit Oak
> Issue Type: Bug
> Components: security-spi
> Reporter: Manfred Baedke
> Assignee: Manfred Baedke
> Priority: Major
> Attachments: oak-8404.patch
>
>
> More precisely, this will happen when the subject doesn't provide public credentials.