You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@activemq.apache.org by "Gary Tully (JIRA)" <ji...@apache.org> on 2008/09/08 16:55:57 UTC
[jira] Updated: (AMQ-904) SecurityContext doesn't work with
WebLogic Principals
[ https://issues.apache.org/activemq/browse/AMQ-904?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Gary Tully updated AMQ-904:
---------------------------
Fix Version/s: 5.3.0
(was: 5.2.0)
> SecurityContext doesn't work with WebLogic Principals
> -----------------------------------------------------
>
> Key: AMQ-904
> URL: https://issues.apache.org/activemq/browse/AMQ-904
> Project: ActiveMQ
> Issue Type: Bug
> Components: Broker
> Affects Versions: 4.0.1
> Reporter: Aaron Mulder
> Fix For: 5.3.0
>
>
> SecurityContext.isInOneOf attempts to determine whether a user has one of a set of possible principals. It does this by using HashSet.retainAll, which relies on equals and hashcode.
> This doesn't work for WebLogic principals (the variable "set" in that method always ends up empty). I'm not totally clear on why, but I notice that the principals generated by a WebLogic authentication have signature data, while the principals created as the "eligible principals" using the same WebLogic classes (weblogic.security.principal.WLSGroupImpl) have null signature data. I speculate that WebLogic signs the principals it creates and that equals and/or hashCode consider the signature.
> It would be ideal if SecurityContext.isInOneOf manually compared the principal class and principal name instead of relying on the equals and/or hashCode methods of the underlying principal class.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.