[JBoss-dev] [JBoss JIRA] Closed: (JBAS-1456) Login module is executed twice from web tier initiated authentication

Tue, 15 Feb 2005 08:06:50 -0800 

     [ http://jira.jboss.com/jira/browse/JBAS-1456?page=history ]
     
Scott M Stark closed JBAS-1456:
-------------------------------

      Assign To: Scott M Stark
     Resolution: Done
    Fix Version: JBossAS-5.0 Alpha

The JBossSecurityMgrRealm was converting the string password to a char[] since 
that is the desired form of the password, but the session subject was cached 
with the original string password input. The JBossSecurityMgrRealm now just 
uses the password as input.

> Login module is executed twice from web tier initiated authentication
> ---------------------------------------------------------------------
>
>          Key: JBAS-1456
>          URL: http://jira.jboss.com/jira/browse/JBAS-1456
>      Project: JBoss Application Server
>         Type: Bug
>   Components: Security, Web (Tomcat) service
>     Versions: JBossAS-4.0.1 Final,  JBossAS-3.2.7 Final
>     Reporter: Scott M Stark
>     Assignee: Scott M Stark
>      Fix For:  JBossAS-4.0.2RC1,  JBossAS-4.0.1 SP1,  JBossAS-3.2.8 Final, 
> JBossAS-5.0 Alpha

>
>
> There is a mismatch between the initial authentication of a web request 
> against the security domain associated with a web app and subsequent 
> validation of the session credentials that cause the login modules to be 
> executed twice. The first time a char[] password is used while subsequent 
> authentications use a String password.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://jira.jboss.com/jira/secure/Administrators.jspa
-
If you want more information on JIRA, or have a bug to report see:
   http://www.atlassian.com/software/jira



-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
JBoss-Development mailing list
JBoss-Development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/jboss-development

Reply via email to