0 Replies Latest reply on Jun 7, 2016 6:57 AM by evelyne.debusschere

    DeploymentRolesMappingProvider maps only the last principal (picketbox)

    evelyne.debusschere
    evelyne.debusschere Jun 7, 2016 6:57 AM

      Hi,

       

      I'm testing the org.jboss.security.mapping.providers.DeploymentRolesMappingProvider on JBOSS EAP 6.4.

       

      Why do you clear the roles in the mapGroup method ?

       

      mappedObject.clearRoles();

       

      It results that the authenticated user only receive the last mapped roles.

       

      https://github.com/picketbox/picketbox/blob/master/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/mapping/providers/DeploymentRolesMappingProvider.java

       

      picketbox/DeploymentRolesMappingUnitTestCase.java at master · picketbox/picketbox · GitHub

       

      My Subject contains many principals (no java.security.acl.Group)

       

      I have added a unit test to reproduce the bug.