[JBoss JIRA] Created: (JBESB-2324) ServiceInvoker clears security thread local context during post

[JBoss JIRA] Created: (JBESB-2327)...

[JBoss JIRA] Created: (JBESB-2234)...

Kevin Conner (JIRA)

Friday, 30 January 2009 Fri, 30 Jan '09

5:21 a.m.

ServiceInvoker clears security thread local context during post --------------------------------------------------------------- Key: JBESB-2324 URL: https://jira.jboss.org/jira/browse/JBESB-2324 Project: JBoss ESB Issue Type: Bug Security Level: Public (Everyone can see) Components: Rosetta, Security Affects Versions: 4.4 CP1, 4.5 Reporter: Kevin Conner Assignee: Daniel Bevenius Fix For: 4.4 CP2, 4.5 Subsequent invocations of ServiceInvoker will no longer have access to the context. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

Show replies by date

Daniel Bevenius (JIRA)

Friday, 30 January Fri, 30 Jan

5:45 a.m.

New subject: [JBoss JIRA] Commented: (JBESB-2324) ServiceInvoker clears security thread local context during post

[ https://jira.jboss.org/jira/browse/JBESB-2324?page=com.atlassian.jira.plu... ] Daniel Bevenius commented on JBESB-2324: ---------------------------------------- Not sure if I understand what the issue ishere. Let me explain... I've modified the security_basic quickstart and using the attachted jboss-esb.xml 'ant runtest' This is the output on server console (with some comments): 12:29:45,254 INFO [STDOUT] In Service1 (jms transport secured): <-- Service is secured using jms transport 12:29:45,254 INFO [STDOUT] [Message payload example(just a String) ]. 12:29:45,255 INFO [STDOUT] Subject in MyListenerAction : Subject: Principal: esbuser Principal: Roles(members:esbrole) 12:29:45,322 INFO [STDOUT] In Service2 (jms transport secured): <-- Service is secured using jms transport 12:29:45,322 INFO [STDOUT] [Message payload example(just a String) ]. 12:29:45,323 INFO [STDOUT] Subject in MyListenerAction : Subject: Principal: esbuser Principal: Roles(members:esbrole) 12:29:45,371 INFO [STDOUT] In Service3 (invm transport non-secured): <-- Service is not secured using invm transport 12:29:45,371 INFO [STDOUT] [Message payload example(just a String) ]. 12:29:45,371 INFO [STDOUT] Subject in MyListenerAction : null <-- Subject not accessible to action pipeline 12:29:45,412 INFO [STDOUT] In Service4 (invm transport secured): <-- Service is secured using invm transport 12:29:45,412 INFO [STDOUT] [Message payload example(just a String) ]. 12:29:45,412 INFO [STDOUT] Subject in MyListenerAction : Subject: <-- Subject is accessible to action pipeline Principal: esbuser Principal: Roles(members:esbrole) So we are removing the context only so that the pipeline cannot access it but using the ServiceInvoker (through StaticRouter). Did I miss something here?

...

-- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

Daniel Bevenius (JIRA)

5:45 a.m.

New subject: [JBoss JIRA] Work started: (JBESB-2324) ServiceInvoker clears security thread local context during post

[ https://jira.jboss.org/jira/browse/JBESB-2324?page=com.atlassian.jira.plu... ] Work on JBESB-2324 started by Daniel Bevenius.

...

Daniel Bevenius (JIRA)

5:45 a.m.

New subject: [JBoss JIRA] Updated: (JBESB-2324) ServiceInvoker clears security thread local context during post

[ https://jira.jboss.org/jira/browse/JBESB-2324?page=com.atlassian.jira.plu... ] Daniel Bevenius updated JBESB-2324: ----------------------------------- Attachment: jboss-esb.xml

...

Daniel Bevenius (JIRA)

5:50 a.m.

New subject: [JBoss JIRA] Commented: (JBESB-2324) ServiceInvoker clears security thread local context during post

[ https://jira.jboss.org/jira/browse/JBESB-2324?page=com.atlassian.jira.plu... ] Daniel Bevenius commented on JBESB-2324: ---------------------------------------- Just to clarify: Service is secured using jms transport what I mean was Service is secured. Using jms transport I didn't mean that the service was secured using the jms transport :)

...

Kevin Conner (JIRA)

6 a.m.

New subject: [JBoss JIRA] Commented: (JBESB-2324) ServiceInvoker clears security thread local context during post

[ https://jira.jboss.org/jira/browse/JBESB-2324?page=com.atlassian.jira.plu... ] Kevin Conner commented on JBESB-2324: ------------------------------------- Any pipeline which contains more than one invocation of the SecurityInvoker will not pass the credentials across with the second and subsequent invocations. This could be through static routing to multiple endpoints, CBR to multiple endpoints, multiple actions in the pipeline. Any pipeline containing just one invocation of the SI will pass the credentials.

...

Daniel Bevenius (JIRA)

6:55 a.m.

New subject: [JBoss JIRA] Commented: (JBESB-2324) ServiceInvoker clears security thread local context during post

[ https://jira.jboss.org/jira/browse/JBESB-2324?page=com.atlassian.jira.plu... ] Daniel Bevenius commented on JBESB-2324: ---------------------------------------- Sorry still not able to reproduce this :( I've attached a new jboss-esb.xml and also an action that uses ServiceInvoker to invoke a configured service n "times". Kev, would you be able to modify this in a way that reproduces this issue you found so I can fix it?

...

Daniel Bevenius (JIRA)

6:57 a.m.

New subject: [JBoss JIRA] Updated: (JBESB-2324) ServiceInvoker clears security thread local context during post

[ https://jira.jboss.org/jira/browse/JBESB-2324?page=com.atlassian.jira.plu... ] Daniel Bevenius updated JBESB-2324: ----------------------------------- Attachment: ServiceInvokerAction.java

...

ServiceInvoker clears security thread local context during post --------------------------------------------------------------- Key: JBESB-2324 URL: https://jira.jboss.org/jira/browse/JBESB-2324 Project: JBoss ESB Issue Type: Bug Security Level: Public(Everyone can see) Components: Rosetta, Security Affects Versions: 4.4 CP1, 4.5 Reporter: Kevin Conner Assignee: Daniel Bevenius Fix For: 4.4 CP2, 4.5 Attachments: jboss-esb.xml, jboss-esb.xml, ServiceInvokerAction.java Subsequent invocations of ServiceInvoker will no longer have access to the context.

Daniel Bevenius (JIRA)

6:57 a.m.

New subject: [JBoss JIRA] Updated: (JBESB-2324) ServiceInvoker clears security thread local context during post

[ https://jira.jboss.org/jira/browse/JBESB-2324?page=com.atlassian.jira.plu... ] Daniel Bevenius updated JBESB-2324: ----------------------------------- Attachment: jboss-esb.xml

...

ServiceInvoker clears security thread local context during post --------------------------------------------------------------- Key: JBESB-2324 URL: https://jira.jboss.org/jira/browse/JBESB-2324 Project: JBoss ESB Issue Type: Bug Security Level: Public(Everyone can see) Components: Rosetta, Security Affects Versions: 4.4 CP1, 4.5 Reporter: Kevin Conner Assignee: Daniel Bevenius Fix For: 4.4 CP2, 4.5 Attachments: jboss-esb.xml, jboss-esb.xml, ServiceInvokerAction.java Subsequent invocations of ServiceInvoker will no longer have access to the context.

Kevin Conner (JIRA)

7:14 a.m.

New subject: [JBoss JIRA] Assigned: (JBESB-2324) ServiceInvoker clears security thread local context during post

[ https://jira.jboss.org/jira/browse/JBESB-2324?page=com.atlassian.jira.plu... ] Kevin Conner reassigned JBESB-2324: ----------------------------------- Assignee: Kevin Conner (was: Daniel Bevenius) Talked with Daniel, I'm taking this one for now.

...

ServiceInvoker clears security thread local context during post --------------------------------------------------------------- Key: JBESB-2324 URL: https://jira.jboss.org/jira/browse/JBESB-2324 Project: JBoss ESB Issue Type: Bug Security Level: Public(Everyone can see) Components: Rosetta, Security Affects Versions: 4.4 CP1, 4.5 Reporter: Kevin Conner Assignee: Kevin Conner Fix For: 4.4 CP2, 4.5 Attachments: jboss-esb.xml, jboss-esb.xml, ServiceInvokerAction.java Subsequent invocations of ServiceInvoker will no longer have access to the context.

Kevin Conner (JIRA)

10:42 a.m.

New subject: [JBoss JIRA] Commented: (JBESB-2324) ServiceInvoker clears security thread local context during post

[ https://jira.jboss.org/jira/browse/JBESB-2324?page=com.atlassian.jira.plu... ] Kevin Conner commented on JBESB-2324: ------------------------------------- Okay, there were actually two bugs involved with this. - thread local context being cleared during the first post - context *not* being removed from the original message The sequence of events were, therefore - SI invoked, setting context on message and removing thread context - async invocation but original message still contains context - back to action (context now in original message, shouldn't be) - second SI invocation, no thread context to set *but* it already exists in the message So, if a different message was used then the context would not be propagated. I have added a unit test to cover these bugs and fixed the SI class. Currently running a full test run to make sure this does not break assumptions elsewhere.

...

ServiceInvoker clears security thread local context during post --------------------------------------------------------------- Key: JBESB-2324 URL: https://jira.jboss.org/jira/browse/JBESB-2324 Project: JBoss ESB Issue Type: Bug Security Level: Public(Everyone can see) Components: Rosetta, Security Affects Versions: 4.4 CP1, 4.5 Reporter: Kevin Conner Assignee: Kevin Conner Fix For: 4.4 CP2, 4.5 Attachments: jboss-esb.xml, jboss-esb.xml, ServiceInvokerAction.java Subsequent invocations of ServiceInvoker will no longer have access to the context.

Kevin Conner (JIRA)

12:52 p.m.

New subject: [JBoss JIRA] Commented: (JBESB-2324) ServiceInvoker clears security thread local context during post

[ https://jira.jboss.org/jira/browse/JBESB-2324?page=com.atlassian.jira.plu... ] Kevin Conner commented on JBESB-2324: ------------------------------------- CP updated in revision 25025.

...

ServiceInvoker clears security thread local context during post --------------------------------------------------------------- Key: JBESB-2324 URL: https://jira.jboss.org/jira/browse/JBESB-2324 Project: JBoss ESB Issue Type: Bug Security Level: Public(Everyone can see) Components: Rosetta, Security Affects Versions: 4.4 CP1, 4.5 Reporter: Kevin Conner Assignee: Kevin Conner Fix For: 4.4 CP2, 4.5 Attachments: jboss-esb.xml, jboss-esb.xml, ServiceInvokerAction.java Subsequent invocations of ServiceInvoker will no longer have access to the context.

Kevin Conner (JIRA)

Tuesday, 3 February Tue, 3 Feb

5:34 a.m.

New subject: [JBoss JIRA] Closed: (JBESB-2324) ServiceInvoker clears security thread local context during post

[ https://jira.jboss.org/jira/browse/JBESB-2324?page=com.atlassian.jira.plu... ] Kevin Conner closed JBESB-2324. ------------------------------- Resolution: Done trunk updated as part of JBESB-2233.

...

ServiceInvoker clears security thread local context during post --------------------------------------------------------------- Key: JBESB-2324 URL: https://jira.jboss.org/jira/browse/JBESB-2324 Project: JBoss ESB Issue Type: Bug Security Level: Public(Everyone can see) Components: Rosetta, Security Affects Versions: 4.4 CP1, 4.5 Reporter: Kevin Conner Assignee: Kevin Conner Fix For: 4.4 CP2, 4.5 Attachments: jboss-esb.xml, jboss-esb.xml, ServiceInvokerAction.java Subsequent invocations of ServiceInvoker will no longer have access to the context.

5780

days inactive

5784

days old

esb-issues@lists.jboss.org

Manage subscription

12 comments

2 participants

tags (0)

participants (2)

Daniel Bevenius (JIRA)
Kevin Conner (JIRA)

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

[JBoss JIRA] Created: (JBESB-2324) ServiceInvoker clears security thread local context during post