Patches item #1003258, was opened at 2004-08-04 15:23
Message generated for change (Tracker Item Submitted) made by Item Submitter
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=376687&aid=1003258&group_id=22866
Category: JBossSX
Group: v3.2
Status: Open
Resolution: None
Priority: 5
Submitted By: Rolf Arne Corneliussen (rolfarne)
Assigned to: Nobody/Anonymous (nobody)
Summary: JaasSecurityManager and caching of X509Certificate chains
Initial Comment:
I have a Login module that I use with SSL client
certificates. The log from the module suggests that it is
invoked by the JaasSecurityManager on every client call,
even when the client (and principal) is previously
authenticated, and the principal is in the cache. Other
username/password based modules do not show this
behavior.
Below is a patch to JaasSecurityManager that compares
arrays of X509Certificates in the validateCache method
(don't know if this form causes some odd linebreaks):
---JaasSecurityManager.java 2004-06-04
02:31:50.000000000 +0200
+++ JaasSecurityManager.java 2004-08-04
14:26:58.000000000 +0200
@@ -10,6 +10,7 @@
import java.lang.reflect.UndeclaredThrowableException;
import java.security.Principal;
import java.security.acl.Group;
+import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.HashSet;
@@ -515,6 +516,12 @@
byte[] a2 = (byte[]) credential;
isValid = Arrays.equals(a1, a2);
}
+ else if ( subjectCredential instanceof
X509Certificate[] )
+ {
+ X509Certificate[] a1 = (X509Certificate[])
subjectCredential;
+ X509Certificate[] a2 = (X509Certificate[])
credential;
+ isValid = Arrays.equals(a1, a2);
+ }
else
{
isValid = subjectCredential.equals(credential);
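Review bot: The cast `(X509Certificate[]) credential` in the new branch is unchecked, so when the cached subjectCredential is a certificate chain and the caller presents a credential of any other type, the comparison throws ClassCastException instead of setting isValid to false. Guard the branch with `credential instanceof X509Certificate[]` as well; a mismatched or null credential then falls through to the final else and is treated as a cache miss. The `byte[]` branch just above casts `credential` the same way, so both could be fixed together. A short comment noting that Arrays.equals compares the two chains element by element and in order, using each element's equals(), would make it clear that a cache hit requires the whole chain to match, not only the client certificate.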
_______________________________________________
JBoss-Development mailing list
https://lists.sourceforge.net/lists/listinfo/jboss-development