Posted to oak-issues@jackrabbit.apache.org by "Alexander Klimetschek (JIRA)" <ji...@apache.org> on 2016/01/20 01:43:39 UTC

[jira] [Created] (OAK-3899) TokenLoginModule ignores shared key javax.security.auth.login.name

Alexander Klimetschek created OAK-3899:
------------------------------------------

             Summary: TokenLoginModule ignores shared key javax.security.auth.login.name
                 Key: OAK-3899
                 URL: https://issues.apache.org/jira/browse/OAK-3899
             Project: Jackrabbit Oak
          Issue Type: Bug
          Components: core
    Affects Versions: 1.3.14
            Reporter: Alexander Klimetschek


The TokenLoginModule and specifically [TokenProviderImpl only look at SimpleCredentials.getUserID()|https://github.com/apache/jackrabbit-oak/blob/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java#L165] when creating a token.

However, in certain situations, such as the ExternalLoginModule, the SimpleCredentials are used but don't have a user id as the real user id is determined not by the caller of repository.login(), but by the external identity provider (and the credentials might not include any kind of user id, say an opaque token from an external service). In this case, getUserID() returns null and the token implementation fails to create a token and return it in the ".token" attribute of the credentials.
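The failure described above, as an added example that is not part of the original report and not Oak code: a JDK-only sketch comparing a user id lookup that reads only the credentials with one that falls back to the shared-state key from the issue title. The `Creds` class, the method names, the sample name `alice` and the token value are hypothetical stand-ins; the fallback itself is an assumed remedy, not one stated in the report.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.UUID;

public class SharedNameFallbackDemo {
    // Shared-state key named in the issue title.
    static final String SHARED_KEY_LOGIN_NAME = "javax.security.auth.login.name";
    // Credentials attribute in which the token is returned, per the report.
    static final String TOKEN_ATTRIBUTE = ".token";

    // Hypothetical stand-in for SimpleCredentials so the demo needs only the JDK.
    static final class Creds {
        private final String userId;
        private final Map<String, Object> attributes = new HashMap<>();
        Creds(String userId) { this.userId = userId; }
        String getUserID() { return userId; }
        void setAttribute(String name, Object value) { attributes.put(name, value); }
        Object getAttribute(String name) { return attributes.get(name); }
    }

    // Behaviour described in the report: only the credentials are consulted.
    static String userIdFromCredentialsOnly(Creds creds) {
        return creds.getUserID();
    }

    // Assumed alternative: fall back to the name shared by an earlier login
    // module. The value is only trustworthy if that module authenticated it.
    static String userIdWithSharedState(Creds creds, Map<String, ?> sharedState) {
        String id = creds.getUserID();
        Object shared = sharedState.get(SHARED_KEY_LOGIN_NAME);
        return (id == null && shared instanceof String) ? (String) shared : id;
    }

    // Hypothetical issuance step: no user id means no token is created.
    static boolean issueToken(Creds creds, String userId) {
        if (userId == null) return false; // the failure mode in the report
        // Placeholder value, not Oak's token format.
        creds.setAttribute(TOKEN_ATTRIBUTE, UUID.randomUUID().toString());
        return true;
    }

    public static void main(String[] args) {
        Map<String, Object> sharedState = new HashMap<>();
        sharedState.put(SHARED_KEY_LOGIN_NAME, "alice"); // constructed sample value
        Creds a = new Creds(null), b = new Creds(null);  // opaque external token, no user id
        System.out.println("credentials only: " + issueToken(a, userIdFromCredentialsOnly(a))
                + ", .token=" + a.getAttribute(TOKEN_ATTRIBUTE));
        System.out.println("with shared key:  " + issueToken(b, userIdWithSharedState(b, sharedState))
                + ", .token set=" + (b.getAttribute(TOKEN_ATTRIBUTE) != null));
    }
}
```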


