[ https://issues.apache.org/jira/browse/GERONIMO-3406?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Donald Woods updated GERONIMO-3406:
-----------------------------------
    Fix Version/s:     (was: 2.0)
                       (was: 2.0.x)
                       2.0.1
updated Fixed For field
> "Auxiliary" login modules are mostly returning true instead of false
> --------------------------------------------------------------------
>
> Key: GERONIMO-3406
> URL: https://issues.apache.org/jira/browse/GERONIMO-3406
> Project: Geronimo
> Issue Type: Bug
> Security Level: public (Regular issues)
> Components: security
> Affects Versions: 2.0, 2.0.x, 2.1
> Reporter: David Jencks
> Assignee: David Jencks
> Fix For: 2.0.1, 2.1
>
>
> We have several login modules that don't do security checks but do look at
> and sometimes modify the Subject. These should never be able to result in a
> login succeeding, so they should be returning false from the various
> lifecycle methods.
> In a slightly related issue the SubjectRegistrationLoginModule should be
> first in the list so it will always get executed even if one of the other
> login modules is REQUISITE. This might mean we need to rethink if
> SubjectRegistrationLoginModule is an appropriate way to get the registration
> to happen.
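
The behaviour the issue asks for, as an added example that is not Geronimo's code: a JAAS `LoginModule` that only decorates the Subject and returns false from every lifecycle method, which the `LoginModule` contract defines as "this LoginModule should be ignored". The class name `TaggingLoginModule` and the principal name are hypothetical.

```java
import java.security.Principal;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

// Hypothetical auxiliary module: it modifies the Subject but verifies no credential.
public class TaggingLoginModule implements LoginModule {
    private Subject subject;
    private Principal tag;

    @Override
    public void initialize(Subject subject, CallbackHandler handler,
                           Map<String, ?> sharedState, Map<String, ?> options) {
        this.subject = subject;
    }

    @Override
    public boolean login() throws LoginException {
        // Nothing was authenticated here, so this module must not count as a
        // success. Returning true would let a stack made up only of auxiliary
        // modules report a successful login with no credential check at all.
        return false;
    }

    @Override
    public boolean commit() throws LoginException {
        // Called when the overall login succeeded through the real modules.
        tag = () -> "tagged-session"; // constructed sample principal name
        subject.getPrincipals().add(tag);
        return false; // bookkeeping done, still "ignore me" for the outcome
    }

    @Override
    public boolean abort() throws LoginException {
        tag = null; // nothing was added to the Subject before commit
        return false;
    }

    @Override
    public boolean logout() throws LoginException {
        if (tag != null) {
            subject.getPrincipals().remove(tag);
        }
        tag = null;
        return false;
    }
}
```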