[
http://jira.jboss.com/jira/browse/JBAS-4317?page=comments#action_12360717 ]
Anil Saldhana commented on JBAS-4317:
-------------------------------------
Thomas, the security context either comes over the wire (remote calls) or comes from the
thread local (Local EJB invocations). So where-ever the Invocation object is created on
the server side, the security context needs to be set on the Invocation object. The
IllegalStateException thrown in the containers was one way of validating that whoever was
creating the Invocation object has set the security context (just the way they would have
done with .setPrincipal, setCredential etc).
The primary issue is that there are various integration layers constructing the Invocation
object rather than a central place. Some of the examples where the Invocation object is
created on the server side include the BaseLocalProxyFactory, ProxyFinderFactory,
CMPFieldBridgexxxx.
So I will need to revert back the IllegalStateException and need your stack trace so that
I can understand where your Invocation is being created.
Once the containers have established that the invocation does contain a security context,
they set it on the thread local so that the JACC PolicyContext get Subject call always
takes care of the RunAsIdentity that came into the specific container.
Security Context over the invocation
------------------------------------
Key: JBAS-4317
URL:
http://jira.jboss.com/jira/browse/JBAS-4317
Project: JBoss Application Server
Issue Type: Task
Security Level: Public(Everyone can see)
Components: Security
Affects Versions: JBossAS-5.0.0.Beta2
Reporter: Anil Saldhana
Assigned To: Anil Saldhana
Fix For: JBossAS-5.0.0.Beta3
Need to move away from the SecurityAssociation usage to incorporate Security Context over
the invocation.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira