[jboss-cvs] JBossAS SVN: r110663 - branches/JBPAPP_5_1_0_Final_JBPAPP-5820/security/src/main/org/jboss/security/plugins.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Mon Feb 14 10:12:01 EST 2011
Author: dehort
Date: 2011-02-14 10:12:01 -0500 (Mon, 14 Feb 2011)
New Revision: 110663
Modified:
branches/JBPAPP_5_1_0_Final_JBPAPP-5820/security/src/main/org/jboss/security/plugins/JaasSecurityManagerService.java
Log:
JBPAPP-5915 - Fixed a bug where an unauthenticated user could invoke methods on the ProfileService
Modified: branches/JBPAPP_5_1_0_Final_JBPAPP-5820/security/src/main/org/jboss/security/plugins/JaasSecurityManagerService.java
===================================================================
--- branches/JBPAPP_5_1_0_Final_JBPAPP-5820/security/src/main/org/jboss/security/plugins/JaasSecurityManagerService.java 2011-02-14 15:03:45 UTC (rev 110662)
+++ branches/JBPAPP_5_1_0_Final_JBPAPP-5820/security/src/main/org/jboss/security/plugins/JaasSecurityManagerService.java 2011-02-14 15:12:01 UTC (rev 110663)
@@ -63,6 +63,7 @@
import org.jboss.security.config.SecurityConfiguration;
import org.jboss.security.integration.JNDIBasedSecurityManagement;
import org.jboss.security.integration.SecurityConstantsBridge;
+import org.jboss.security.integration.SecurityDomainObjectFactory;
import org.jboss.security.jacc.SubjectPolicyContextHandler;
import org.jboss.security.propertyeditor.PrincipalEditor;
import org.jboss.security.propertyeditor.SecurityDomainEditor;
@@ -482,6 +483,16 @@
Reference ref = new Reference("javax.naming.Context", refAddr, factoryName, null);
ctx.rebind(DEFAULT_CACHE_POLICY_PATH, ref);
log.debug("cachePolicyCtxPath="+cacheJndiName);
+
+ // JBAPAPP-5459: binding java:/jaas to JNDI before services in the deploy start
+ /* Create a mapping from the java:/jaas context to a SecurityDomainObjectFactory
+ so that any lookup against java:/jaas/domain returns an instance of our
+ security manager class.
+ */
+ refAddr = new StringRefAddr("nns", "JSM");
+ factoryName = SecurityDomainObjectFactory.class.getName();
+ ref = new Reference("javax.naming.Context", refAddr, factoryName, null);
+ ctx.rebind(SecurityConstants.JAAS_CONTEXT_ROOT, ref);
// Bind the default SecurityProxyFactory instance under java:/SecurityProxyFactory
SecurityProxyFactory proxyFactory = (SecurityProxyFactory) securityProxyFactoryClass.newInstance();
More information about the jboss-cvs-commits
mailing list