Posted to oak-issues@jackrabbit.apache.org by "Tobias Bocanegra (JIRA)" <ji...@apache.org> on 2014/02/07 07:27:19 UTC

[jira] [Updated] (OAK-1404) Pre-Authenticated login does not propagate principals in subject to AuthInfo class.

     [ https://issues.apache.org/jira/browse/OAK-1404?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Tobias Bocanegra updated OAK-1404:
----------------------------------

    Description: 
Example:

{code}
systemSession = Subject.doAs(SystemSubject.INSTANCE, new PrivilegedExceptionAction<ContentSession>() {
    @Override
    public ContentSession run() throws LoginException, NoSuchWorkspaceException {
        return repository.login(null, null);
    }
});
{code}

Produces a session with no permissions.

I think there are 2 issues:

1. Pre-Authenticated logins do not set an AuthInfo to the public credentials of the Subject.
2. The AbstractAccessControlManager uses the AuthInfo.getPrincipals() to retrieve them. IMO, the principals should always match those of the subject and be retrieved from there.



  was:
Example:

{code}
systemSession = Subject.doAs(SystemSubject.INSTANCE, new PrivilegedExceptionAction<ContentSession>() {
    @Override
    public ContentSession run() throws LoginException, NoSuchWorkspaceException {
        return repository.login(null, null);
    }
});
{code}

Produces a session with no permissions.

I think there are 2 issues:

1. Pre-Authenticated logins do not set an AuthInfo to the public credentials of the login context.
2. The AbstractAccessControlManager uses the AuthInfo.getPrincipals() to retrieve them. IMO, the principals should always match those of the subject and be retrieved from there.




> Pre-Authenticated login does not propagate principals in subject to AuthInfo class.
> -----------------------------------------------------------------------------------
>
>                 Key: OAK-1404
>                 URL: https://issues.apache.org/jira/browse/OAK-1404
>             Project: Jackrabbit Oak
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 0.15
>            Reporter: Tobias Bocanegra
>
> Example:
> {code}
> systemSession = Subject.doAs(SystemSubject.INSTANCE, new PrivilegedExceptionAction<ContentSession>() {
>     @Override
>     public ContentSession run() throws LoginException, NoSuchWorkspaceException {
>         return repository.login(null, null);
>     }
> });
> {code}
> Produces a session with no permissions.
> I think there are 2 issues:
> 1. Pre-Authenticated logins do not set an AuthInfo to the public credentials of the Subject.
> 2. The AbstractAccessControlManager uses the AuthInfo.getPrincipals() to retrieve them. IMO, the principals should always match those of the subject and be retrieved from there.



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
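The failure mode the report describes, as an added Java illustration that is not part of the issue or of Oak's code base: a pre-authenticated Subject carries principals but no AuthInfo in its public credentials, so a check that reads principals via AuthInfo sees an empty set, while both proposed fixes (attach an AuthInfo derived from the Subject, or read the Subject's principals directly) see the real ones. The AuthInfo interface and the principal class are minimal stand-ins assumed to mirror the shape of Oak's types, not the real classes; it runs on the JDK alone.

```java
import java.security.Principal;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import javax.security.auth.Subject;

public class PreAuthPrincipalDemo {

    /** Stand-in for Oak's AuthInfo (assumption): only the getPrincipals() part of the real interface is modelled. */
    interface AuthInfo { Set<Principal> getPrincipals(); }

    /** Stand-in for the system principal held by a pre-authenticated Subject (assumption, not Oak's SystemPrincipal). */
    static final class NamedPrincipal implements Principal {
        private final String name;
        NamedPrincipal(String name) { this.name = name; }
        public String getName() { return name; }
        public boolean equals(Object o) { return o instanceof NamedPrincipal && name.equals(((NamedPrincipal) o).name); }
        public int hashCode() { return name.hashCode(); }
        public String toString() { return name; }
    }

    /** Models SystemSubject.INSTANCE as used in the report: principals are set, but no login module stored an AuthInfo. */
    static Subject preAuthenticatedSubject() {
        Subject subject = new Subject();
        subject.getPrincipals().add(new NamedPrincipal("system"));
        return subject;
    }

    /** The path the report blames: principals are taken from the AuthInfo in the public credentials, empty when none is there. */
    static Set<Principal> principalsViaAuthInfo(Subject subject) {
        Set<AuthInfo> infos = subject.getPublicCredentials(AuthInfo.class);
        return infos.isEmpty() ? Collections.emptySet() : infos.iterator().next().getPrincipals();
    }

    /** Issue 1 fixed: the pre-authenticated login stores an AuthInfo built from the Subject's own principals. */
    static void attachAuthInfo(Subject subject) {
        Set<Principal> principals = Collections.unmodifiableSet(new HashSet<>(subject.getPrincipals()));
        subject.getPublicCredentials().add((AuthInfo) () -> principals);
    }

    /** Issue 2 fixed: read the principals from the Subject itself, so they cannot diverge from what was authenticated. */
    static Set<Principal> principalsViaSubject(Subject subject) {
        return Collections.unmodifiableSet(subject.getPrincipals());
    }

    public static void main(String[] args) {
        Subject subject = preAuthenticatedSubject();
        System.out.println("via AuthInfo, no AuthInfo attached: " + principalsViaAuthInfo(subject));
        System.out.println("via Subject:                        " + principalsViaSubject(subject));
        attachAuthInfo(subject);
        System.out.println("via AuthInfo, after attaching:      " + principalsViaAuthInfo(subject));
    }
}
```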