Merge pull request #262 from Skyllarr/fix-jbws-picketbox

[JBWS-4335] Use PicketBox to obtain Subject when Elytron security realm exposes PicketBox security domain
jbossws · Jan 23, 2023 · 5fec34c · 5fec34c
2 parents 7b041e0 + bcca42c
commit 5fec34c
Showing 1 changed file with 10 additions and 2 deletions.
diff --git a/.../server/src/main/java/org/jboss/wsf/stack/cxf/security/authentication/SubjectCreator.java b/.../server/src/main/java/org/jboss/wsf/stack/cxf/security/authentication/SubjectCreator.java
@@ -160,10 +160,18 @@ public Subject createSubject(SecurityDomainContext ctx, String name, String pass
       if (TRACE)
          SECURITY_LOGGER.aboutToAuthenticate(ctx.getSecurityDomain());
 
+      RealmIdentity identity = null;
       if (securityDomain != null) {
-          // use elytron
+         // elytron security domain
+         try {
+            identity = securityDomain.getIdentity(principal.getName());
+         } catch (RealmUnavailableException e) {
+            throw MESSAGES.authenticationFailed(principal.getName());
+         }
+      }
+      if (identity != null && !identity.getClass().getName().equals("org.jboss.as.security.elytron.SecurityDomainContextRealm$PicketBoxBasedIdentity")) {
+          // identity is NOT obtained from picketbox's security domain so use elytron realm to obtain and verify credentials
          try {
-            RealmIdentity identity = securityDomain.getIdentity(principal.getName());
             if (identity.equals(RealmIdentity.NON_EXISTENT)) {
                throw MESSAGES.authenticationFailed(principal.getName());
             }