[jboss-jira] [JBoss JIRA] Updated: (JBAS-3976) Stateful Session Bean throws a Null Security Context exception with no login

Ryan Campbell (JIRA) jira-events at lists.jboss.org
Sat Mar 3 14:19:09 EST 2007


     [ http://jira.jboss.com/jira/browse/JBAS-3976?page=all ]

Ryan Campbell updated JBAS-3976:
--------------------------------

    Fix Version/s: JBossAS-4.2.0.GA
                   JBossAS-4.0.5.SP1 

> Stateful Session Bean throws a Null Security Context exception with no login
> ----------------------------------------------------------------------------
>
>                 Key: JBAS-3976
>                 URL: http://jira.jboss.com/jira/browse/JBAS-3976
>             Project: JBoss Application Server
>          Issue Type: Bug
>      Security Level: Public (Everyone can see)
>          Components: Security
>    Affects Versions: JBossAS-5.0.0.Beta1, JBossAS-4.0.5.GA
>            Reporter: Anil Saldhana
>         Assigned To: Anil Saldhana
>             Fix For: JBossAS-4.0.5.SP1, JBossAS-4.2.0.GA, JBossAS-5.0.0.Beta3
>
>
> Since the stateful session bean instance interceptor happens before the security interceptor (security exceptions need to invalidate the session), the call to set the principal on the enterprise context can fail when the bean was invoked with no login. Remember the getCallerPrincipal call on the context needs to always return a non-null principal.
> If the setting of the principal on the context happens after the security checks have been made via the security interceptor, there are security domain settings reflected via the unauthenticated principal setting on the domain into the principal to be set on the context.
> Of course the user can always specify the unauthenticated-principal tag in jboss-app.xml/jboss.xml DD but this should not be mandatory.
> There is a need for a new interceptor after the security interceptor.

-- 
This message is automatically generated by JIRA.
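
The interceptor ordering described in the issue, as an added Java example that is not part of the original notification and is not JBoss code. Every class, field and method name is hypothetical, the `IllegalStateException` stands in for the reported failure, and the security interceptor is reduced to applying the domain's unauthenticated principal (here the constructed value `anonymous`) when there is no login.

```java
import java.security.Principal;
import java.util.Arrays;
import java.util.List;
// Toy model of the ordering problem; every name here is hypothetical, not JBoss code.
public class InterceptorOrderDemo {
    static final class Named implements Principal {
        private final String name;
        Named(String name) { this.name = name; }
        @Override public String getName() { return name; }
    }
    static final class Call {
        Principal caller;            // null: bean invoked with no login
        Principal contextPrincipal;  // what getCallerPrincipal() would return
    }
    interface Interceptor { void invoke(Call call, Runnable next); }
    // Stand-in for the context setter, which must never end up with a null principal.
    static void setContextPrincipal(Call call) {
        if (call.caller == null) throw new IllegalStateException("null principal on context");
        call.contextPrincipal = call.caller;
    }
    // Instance interceptor as described in the report: sets the principal before security runs.
    static final Interceptor EARLY_INSTANCE = (c, next) -> { setContextPrincipal(c); next.run(); };
    // Instance interceptor that leaves the principal to a later interceptor.
    static final Interceptor INSTANCE = (c, next) -> next.run();
    // Security interceptor: applies the domain's unauthenticated principal when there is no login.
    static Interceptor security(String unauthenticatedPrincipal) {
        return (c, next) -> {
            if (c.caller == null && unauthenticatedPrincipal != null)
                c.caller = new Named(unauthenticatedPrincipal);
            next.run();
        };
    }
    // The proposed extra interceptor, placed after the security interceptor.
    static final Interceptor PRINCIPAL_SETTER = (c, next) -> { setContextPrincipal(c); next.run(); };
    // Runs one unauthenticated call through the chain and reports the context principal.
    static String invoke(List<Interceptor> chain) {
        Call call = new Call();  // constructed input: no login
        try { run(chain, 0, call); return call.contextPrincipal.getName(); }
        catch (IllegalStateException e) { return "FAILED: " + e.getMessage(); }
    }
    static void run(List<Interceptor> chain, int i, Call call) {
        if (i < chain.size()) chain.get(i).invoke(call, () -> run(chain, i + 1, call));
    }
    public static void main(String[] args) {
        Interceptor sec = security("anonymous");  // constructed domain setting
        System.out.println(invoke(Arrays.asList(EARLY_INSTANCE, sec)));
        System.out.println(invoke(Arrays.asList(INSTANCE, sec, PRINCIPAL_SETTER)));
    }
}
```

The first chain fails before the security interceptor is reached; the second yields a non-null principal taken from the domain setting without any per-bean descriptor entry.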