[ https://issues.apache.org/jira/browse/GERONIMO-3406?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Donald Woods updated GERONIMO-3406:
-----------------------------------

    Fix Version/s: (was: 2.0)
                   (was: 2.0.x)
                   2.0.1

updated Fixed For field

> "Auxiliary" login modules are mostly returning true instead of false
> ---------------------------------------------------------------------
>
>                 Key: GERONIMO-3406
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-3406
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public (Regular issues)
>          Components: security
>    Affects Versions: 2.0, 2.0.x, 2.1
>            Reporter: David Jencks
>            Assignee: David Jencks
>             Fix For: 2.0.1, 2.1
>
>
> We have several login modules that don't do security checks but do look at
> and sometimes modify the Subject. These should never be able to result in a
> login succeeding, so they should be returning false from the various
> lifecycle methods.
>
> In a slightly related issue the SubjectRegistrationLoginModule should be
> first in the list so it will always get executed even if one of the other
> login modules is REQUISITE. This might mean we need to rethink if
> SubjectRegistrationLoginModule is an appropriate way to get the registration
> to happen.
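The behaviour the issue describes, as an added example that is not Geronimo's code: a module that only decorates the Subject is run as the sole OPTIONAL entry of a JAAS `LoginContext`, once returning `true` and once returning `false`. `TaggingLoginModule`, the `claimSuccess` option and the `audit-tag` principal are hypothetical names constructed for this illustration.

```java
import java.security.Principal;
import java.util.Collections;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.*;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import javax.security.auth.spi.LoginModule;

public class AuxiliaryModuleDemo {
    // Hypothetical auxiliary module: it modifies the Subject but checks no credentials.
    public static class TaggingLoginModule implements LoginModule {
        private final Principal tag = () -> "audit-tag"; // constructed sample principal
        private Subject subject;
        private boolean claimSuccess; // true reproduces the behaviour the issue reports

        public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> options) {
            subject = s;
            claimSuccess = "true".equals(options.get("claimSuccess"));
        }
        // JAAS contract: true = this module succeeded, false = ignore this module.
        public boolean login()  { return claimSuccess; }
        public boolean commit() { subject.getPrincipals().add(tag); return claimSuccess; }
        public boolean abort()  { subject.getPrincipals().remove(tag); return claimSuccess; }
        public boolean logout() { subject.getPrincipals().remove(tag); return claimSuccess; }
    }

    // Runs a LoginContext whose only module is the auxiliary one, flagged OPTIONAL.
    static boolean loginSucceeds(boolean claimSuccess) {
        Configuration config = new Configuration() {
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return new AppConfigurationEntry[] { new AppConfigurationEntry(
                    TaggingLoginModule.class.getName(), LoginModuleControlFlag.OPTIONAL,
                    Collections.singletonMap("claimSuccess", String.valueOf(claimSuccess))) };
            }
        };
        try {
            new LoginContext("demo", new Subject(), null, config).login();
            return true;
        } catch (LoginException e) {
            return false; // LoginContext rejects a login in which every module was ignored
        }
    }

    public static void main(String[] args) {
        System.out.println("module returns true:  login succeeds = " + loginSucceeds(true));
        System.out.println("module returns false: login succeeds = " + loginSucceeds(false));
    }
}
```

Because `false` takes the module out of the decision, the outcome is left to the modules that actually check credentials.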