eclipse-ee4j · arjantijms · Feb 19, 2024 · Feb 19, 2024
diff --git a/appserver/security/webintegration/src/main/java/com/sun/web/security/RealmAdapter.java b/appserver/security/webintegration/src/main/java/com/sun/web/security/RealmAdapter.java
@@ -1428,7 +1428,12 @@ private boolean validate(HttpRequest request, HttpResponse response, LoginConfig
                     Principal glassFishCallerPrincipal = getGlassFishCallerPrincipal(caller);
 
                     toSubject(subject, glassFishCallerPrincipal);
-                    toSubjectCredential(subject, new DistinguishedPrincipalCredential(glassFishCallerPrincipal));
+                    DistinguishedPrincipalCredential distinguishedPrincipal = new DistinguishedPrincipalCredential(glassFishCallerPrincipal);
+
+                    // Credentials don't serialize, so for now, also add to the subject principals
+                    // For next version, see if we can only use principals
+                    toSubject(subject, distinguishedPrincipal);
+                    toSubjectCredential(subject, distinguishedPrincipal);
 
                     for (String group : caller.getGroups()) {
                         toSubject(subject, new Group(group));
@@ -1617,6 +1622,18 @@ public Subject run() {
                     }
                 }
 
+                if (!hasObject) {
+                    Set<DistinguishedPrincipalCredential> distinguishedPrincipals = securityContextSubject.getPrincipals(DistinguishedPrincipalCredential.class);
+                    if (distinguishedPrincipals.size() == 1) {
+                        for (DistinguishedPrincipalCredential cred : distinguishedPrincipals) {
+                            if (cred.getPrincipal().equals(callerPrincipal)) {
+                                hasObject = true;
+                            }
+                        }
+                    }
+                }
+
+
                 /**
                  * 2. Subject within SecurityContext must contain a single DistinguishedPrincipalCredential that identifies the Caller Principal
                  */

diff --git a/nucleus/security/core/src/main/java/com/sun/enterprise/security/SecurityContext.java b/nucleus/security/core/src/main/java/com/sun/enterprise/security/SecurityContext.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2022, 2022 Contributors to the Eclipse Foundation
+ * Copyright (c) 2022, 2024 Contributors to the Eclipse Foundation
  * Copyright (c) 1997, 2021 Oracle and/or its affiliates. All rights reserved.
  *
  * This program and the accompanying materials are made available under the
@@ -131,6 +131,16 @@ public Principal run() {
                     }
                 }
 
+                if (principal == null) {
+                    for (Principal publicCredential : finalSubject.getPrincipals()) {
+                        if (publicCredential instanceof DistinguishedPrincipalCredential) {
+                            DistinguishedPrincipalCredential distinguishedPrincipalCredential = (DistinguishedPrincipalCredential) publicCredential;
+                            principal = distinguishedPrincipalCredential.getPrincipal();
+                            break;
+                        }
+                    }
+                }
+
                 // for old auth module
                 if (principal == null) {
                     Iterator<Principal> prinIter = finalSubject.getPrincipals().iterator();

diff --git a/...rc/main/java/com/sun/enterprise/security/auth/login/DistinguishedPrincipalCredential.java b/...rc/main/java/com/sun/enterprise/security/auth/login/DistinguishedPrincipalCredential.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2022, 2023 Contributors to the Eclipse Foundation.
+ * Copyright (c) 2022, 2024 Contributors to the Eclipse Foundation.
  * Copyright (c) 1997, 2018 Oracle and/or its affiliates. All rights reserved.
  *
  * This program and the accompanying materials are made available under the
@@ -17,9 +17,12 @@
 
 package com.sun.enterprise.security.auth.login;
 
+import java.io.Serializable;
 import java.security.Principal;
 
-public class DistinguishedPrincipalCredential {
+public class DistinguishedPrincipalCredential implements Principal, Serializable {
+
+    private static final long serialVersionUID = 1L;
 
     private final Principal principal;
 
@@ -35,4 +38,13 @@ public Principal getPrincipal() {
     public String toString() {
         return "DistingushedPrincipal[" + principal + "]";
     }
+
+    @Override
+    public String getName() {
+        if (principal == null) {
+            return null;
+        }
+
+        return principal.getName();
+    }
 }
diff --git a/...re/src/main/java/com/sun/enterprise/security/auth/realm/certificate/CertificateRealm.java b/...re/src/main/java/com/sun/enterprise/security/auth/realm/certificate/CertificateRealm.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2022, 2023 Contributors to the Eclipse Foundation
+ * Copyright (c) 2022, 2024 Contributors to the Eclipse Foundation
  * Copyright (c) 1997, 2021 Oracle and/or its affiliates. All rights reserved.
  *
  * This program and the accompanying materials are made available under the
@@ -139,7 +139,9 @@ public void authenticate(Subject subject, X500Principal principal) {
         }
 
         if (!subject.getPrincipals().isEmpty()) {
-            subject.getPublicCredentials().add(new DistinguishedPrincipalCredential(principal));
+            DistinguishedPrincipalCredential distinguishedPrincipal = new DistinguishedPrincipalCredential(principal);
+            subject.getPrincipals().add(distinguishedPrincipal);
+            subject.getPublicCredentials().add(distinguishedPrincipal);
         }
 
         SecurityContext.setCurrent(new SecurityContext(name, subject));