[ https://issues.apache.org/jira/browse/OAK-8710?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Manfred Baedke updated OAK-8710:
--------------------------------
    Description: 
See 
https://github.com/apache/jackrabbit-oak/blob/9569d659f0655d3ba16c1cfe1fbb5f53959f701f/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java#L189:

The criterion for logout() to succeed is
{code}!subject.getPrincipals().isEmpty() && 
!subject.getPublicCredentials(Credentials.class).isEmpty(){code}
This did not work in a case where the subject was created by a thread handling 
an authenticated JMX connection (and later passed on to other threads due to 
AccessControlContext inheritance).

I'd propose to make logout() succeed unconditionally, but I'm not entirely sure 
about side effects.

  was:
See 
https://github.com/apache/jackrabbit-oak/blob/9569d659f0655d3ba16c1cfe1fbb5f53959f701f/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java#L189:
The criterion for logout() to succeed is
{code}!subject.getPrincipals().isEmpty() && 
!subject.getPublicCredentials(Credentials.class).isEmpty(){code}
This did not work in a case where the subject was created by a thread handling 
an authenticated JMX connection (and later passed on to other threads due to 
AccessControlContext inheritance).

I'd propose to make logout() succeed unconditionally, but I'm not entirely sure 
about side effects.


> AbstractLoginModule#logout() may fail in the presence of principals unknown 
> to Oak.
> -----------------------------------------------------------------------------------
>
>                 Key: OAK-8710
>                 URL: https://issues.apache.org/jira/browse/OAK-8710
>             Project: Jackrabbit Oak
>          Issue Type: Bug
>          Components: security-spi
>            Reporter: Manfred Baedke
>            Priority: Major
>
> See 
> https://github.com/apache/jackrabbit-oak/blob/9569d659f0655d3ba16c1cfe1fbb5f53959f701f/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java#L189:
> The criterion for logout() to succeed is
> {code}!subject.getPrincipals().isEmpty() && 
> !subject.getPublicCredentials(Credentials.class).isEmpty(){code}
> This did not work in a case where the subject was created by a thread 
> handling an authenticated JMX connection (and later passed on to other 
> threads due to AccessControlContext inheritance).
> I'd propose to make logout() succeed unconditionally, but I'm not entirely 
> sure about side effects.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
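The logout criterion quoted in the issue, exercised against constructed JAAS subjects, as an added example that is not code from the issue, from Oak, or from the JDK. `javax.security.auth.Subject` and `javax.management.remote.JMXPrincipal` are real JDK types; `Credentials` is a local stand-in for `javax.jcr.Credentials` (assumed to matter only as a type marker), and `SimpleCredentials`, `NamedPrincipal` and the credential values are constructed for the example. The third case goes slightly beyond the description and shows that private credentials are invisible to the same check.

```java
import java.security.Principal;
import javax.management.remote.JMXPrincipal;
import javax.security.auth.Subject;

public class LogoutCriterionDemo {

    // Local stand-in for javax.jcr.Credentials (assumption: only a type marker is
    // needed, which is all that Subject.getPublicCredentials(Class) filters on).
    interface Credentials {}

    // Constructed credential object, analogous to what a JCR login leaves on the subject.
    static final class SimpleCredentials implements Credentials {
        final String userId;
        SimpleCredentials(String userId) { this.userId = userId; }
    }

    // Minimal principal for the JCR-login case (Oak uses its own principal classes).
    static final class NamedPrincipal implements Principal {
        private final String name;
        NamedPrincipal(String name) { this.name = name; }
        @Override public String getName() { return name; }
    }

    // The criterion quoted in the issue from AbstractLoginModule#logout().
    static boolean logoutCriterionHolds(Subject subject) {
        return !subject.getPrincipals().isEmpty()
            && !subject.getPublicCredentials(Credentials.class).isEmpty();
    }

    // Summarise what the subject carries and how the criterion evaluates on it.
    static String describe(Subject subject) {
        return "principals=" + subject.getPrincipals().size()
            + ", publicCredentials=" + subject.getPublicCredentials().size()
            + ", Credentials-typed=" + subject.getPublicCredentials(Credentials.class).size()
            + " -> criterion holds: " + logoutCriterionHolds(subject);
    }

    public static void main(String[] args) {
        // Case 1: a subject populated by a JCR login: a principal plus a Credentials object.
        Subject jcrSubject = new Subject();
        jcrSubject.getPrincipals().add(new NamedPrincipal("admin"));
        jcrSubject.getPublicCredentials().add(new SimpleCredentials("admin"));
        System.out.println("JCR login subject: " + describe(jcrSubject));

        // Case 2: a subject built by a JMX connector authenticator. It carries a
        // JMXPrincipal, and whatever it stores as a public credential does not
        // implement Credentials, so the typed lookup returns an empty set.
        Subject jmxSubject = new Subject();
        jmxSubject.getPrincipals().add(new JMXPrincipal("monitor"));
        jmxSubject.getPublicCredentials().add("opaque-connector-token"); // constructed value
        System.out.println("JMX subject:       " + describe(jmxSubject));

        // Case 3: a subject whose only credentials are private. The check reads the
        // public set only, so these are not seen either.
        Subject privateOnly = new Subject();
        privateOnly.getPrincipals().add(new NamedPrincipal("svc"));
        privateOnly.getPrivateCredentials().add(new SimpleCredentials("svc"));
        System.out.println("Private-only:      " + describe(privateOnly));
    }
}
```

Compile with `javac LogoutCriterionDemo.java` and run with `java LogoutCriterionDemo`. The first subject satisfies the criterion; the JMX subject does not, which is the situation the description reports: principals are present, but nothing in the public credential set implements the type that logout() filters on, so the method reports failure even though there is state to clear.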
