|Supply Subject to login modules using LoginContextFactory [message #1755594]
||Mon, 06 March 2017 08:22
| Ulrik Rasmussen
Registered: March 2017
The org.eclipse.equinox.security.auth.LoginContextFactory class can be used to construct a JAAS LoginContext in a way that is compatible with OSGi. However, LoginContextFactory does not expose the same constructor interface as the JAAS LoginContext class, as it is impossible to supply a custom Subject to be authenticated.|
It seems to me that this makes it impossible to use LoginContext.logout() in a meaningful way, as the configured login modules will always run in the context of an empty Subject. It also makes it impossible for login modules to skip authentication steps if suitable credentials are already present in the Subject to be authenticated.
Can anyone comment on whether this design is intentional, or whether I should file a bug report?
[Updated on: Mon, 06 March 2017 17:39]
Report message to a moderator
Powered by FUDForum
. Page generated in 0.01785 seconds