Hi,
the AbstractUsernameTokenAuthenticatingInterceptor comes with the
following abstract method:
/**
 * Create a Subject representing a current user and its roles.
 * This Subject is expected to contain at least one Principal representing a user
 * and optionally followed by one or more principal Groups this user is a member of.
 * It will also be available in doCreateSecurityContext.
 * @param name username
 * @param password password
 * @param isDigest true if a password digest is used
 * @param nonce optional nonce
 * @param created optional timestamp
 * @return subject
 * @throws SecurityException
 */
protected abstract Subject createSubject(String name,
                                         String password,
                                         boolean isDigest,
                                         String nonce,
                                         String created) throws SecurityException;
The javadoc implies that the ordering of principals in the returned
subject is relevant, and as a matter of fact there's a check in the
'setSubject' method relying on that (that is, on the assumption that the
user principal is the first one).
Would it make sense here / not break anything to relax the ordering
requirement a bit (to skip group principals that might be before the
actual principal) and change the check for example as in
http://pastebin.com/0T9mVbj3 ? This might grant some flexibility to
implementors of that abstract method.
Thanks
Alessio
--
Alessio Soldano
Web Service Lead, JBoss
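As an added illustration (not the pastebin above, which is not reproduced here, and not CXF's own code), the strict "user principal comes first" check beside a relaxed one that skips Group principals. UserPrincipal, RoleGroup, strictCheck and relaxedCheck are assumed names for this example, and it relies on the java.security.acl.Group interface that CXF used at the time (removed in later JDKs).

```java
import java.security.Principal;
import java.security.acl.Group;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Set;
import javax.security.auth.Subject;

public class SubjectPrincipalCheck {

    /** Minimal user principal, constructed for this example. */
    static final class UserPrincipal implements Principal {
        private final String name;
        UserPrincipal(String name) { this.name = name; }
        public String getName() { return name; }
    }

    /** Minimal role group, constructed for this example. */
    static final class RoleGroup implements Group {
        private final String name;
        private final Set<Principal> members = new HashSet<>();
        RoleGroup(String name) { this.name = name; }
        public String getName() { return name; }
        public boolean addMember(Principal p) { return members.add(p); }
        public boolean removeMember(Principal p) { return members.remove(p); }
        public boolean isMember(Principal p) { return members.contains(p); }
        public Enumeration<? extends Principal> members() { return Collections.enumeration(members); }
    }

    /** Strict check: the first principal must be the authenticated user. */
    static boolean strictCheck(Subject s, String user) {
        if (s.getPrincipals().isEmpty()) { return false; }
        Principal first = s.getPrincipals().iterator().next();
        return !(first instanceof Group) && user.equals(first.getName());
    }

    /** Relaxed check: skip Group principals, match the first user principal. */
    static boolean relaxedCheck(Subject s, String user) {
        for (Principal p : s.getPrincipals()) {
            if (!(p instanceof Group)) { return user.equals(p.getName()); }
        }
        return false; // no user principal at all: reject
    }

    public static void main(String[] args) {
        Subject s = new Subject();
        s.getPrincipals().add(new RoleGroup("Roles"));      // group listed before the user
        s.getPrincipals().add(new UserPrincipal("alice"));
        System.out.println("strict:  " + strictCheck(s, "alice"));  // false
        System.out.println("relaxed: " + relaxedCheck(s, "alice")); // true
    }
}
```

Subject's principal set preserves insertion order, so the example reproduces the case the mail describes: a Group added before the user principal makes the strict check fail while the relaxed one still finds and verifies the user.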