SecurityContext doesn't work with WebLogic Principals
-----------------------------------------------------
Key: AMQ-904
URL: https://issues.apache.org/activemq/browse/AMQ-904
Project: ActiveMQ
Issue Type: Bug
Components: Broker
Affects Versions: 4.0.1
Reporter: Aaron Mulder

SecurityContext.isInOneOf attempts to determine whether a user has one of a set
of possible principals. It does this by using HashSet.retainAll, which relies
on equals and hashCode.

This doesn't work for WebLogic principals (the variable "set" in that method
always ends up empty). I'm not totally clear on why, but I notice that the
principals generated by a WebLogic authentication have signature data, while
the principals created as the "eligible principals" using the same WebLogic
classes (weblogic.security.principal.WLSGroupImpl) have null signature data. I
speculate that WebLogic signs the principals it creates and that equals and/or
hashCode consider the signature.

It would be ideal if SecurityContext.isInOneOf manually compared the principal
class and principal name instead of relying on the equals and/or hashCode
methods of the underlying principal class.
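
The failure mode described in the report, and the class-and-name comparison it proposes, as an added example that is not part of the original report or of ActiveMQ's code. `SignedPrincipal` is a hypothetical stand-in for a container principal and models the reporter's speculation that equals/hashCode cover signature data; the method names and the sample group name are also assumptions.

```java
import java.security.Principal;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;

public class PrincipalMatchDemo {
    // Hypothetical stand-in for a container principal whose equals/hashCode
    // also cover signature bytes (the behaviour the report speculates about).
    static final class SignedPrincipal implements Principal {
        private final String name;
        private final byte[] signature; // null when built from configuration, not by a login
        SignedPrincipal(String name, byte[] signature) { this.name = name; this.signature = signature; }
        @Override public String getName() { return name; }
        @Override public boolean equals(Object o) {
            return o instanceof SignedPrincipal
                && name.equals(((SignedPrincipal) o).name)
                && Arrays.equals(signature, ((SignedPrincipal) o).signature);
        }
        @Override public int hashCode() { return 31 * name.hashCode() + Arrays.hashCode(signature); }
    }

    // Intersection check as the report describes it: the result depends on equals/hashCode.
    static boolean isInOneOfByEquals(Set<Principal> subject, Set<Principal> allowed) {
        Set<Principal> set = new HashSet<>(subject);
        set.retainAll(allowed);
        return !set.isEmpty();
    }

    // Check the report asks for: same concrete class and same name, nothing else.
    static boolean isInOneOfByClassAndName(Set<Principal> subject, Set<Principal> allowed) {
        for (Principal have : subject) {
            for (Principal want : allowed) {
                if (have.getClass() == want.getClass() && have.getName().equals(want.getName())) {
                    return true;
                }
            }
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed sample data: one principal "signed" at login, one built from ACL configuration.
        Set<Principal> subject = Collections.singleton(new SignedPrincipal("Operators", new byte[] {1, 2, 3}));
        Set<Principal> allowed = Collections.singleton(new SignedPrincipal("Operators", null));
        System.out.println("retainAll match:      " + isInOneOfByEquals(subject, allowed));
        System.out.println("class and name match: " + isInOneOfByClassAndName(subject, allowed));
    }
}
```

A class-and-name comparison ignores whatever the principal's own equals would have verified, so the subject's principals must come only from a completed authentication, never from client-supplied data.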