[jboss-jira] [JBoss JIRA] Commented: (JBAS-8169) Make default values of org.jboss.metadata.IorSecurityConfigMetaData configurable

[ https://jira.jboss.org/browse/JBAS-8169?page=com.atlassian.jira.plugin.sy... ] Stefan Guilhen commented on JBAS-8169: -------------------------------------- I'll take a look at the code to find out the best place to put the IOR configuration. Regarding CSIv2 security settings propagation, it is wrong to say it doesn't happen. The application server security context is populated by the EjbObjectCorbaServant and EjbHomeCorbaServant. When the IIOP call reaches one of these servants, a regular org.jboss.invocation.Invocation object is created, populated, and then forwarded to the EJB container just like a JRMP call would have been. If you take a look at the servants, you will notice they retrieve a SASCurrent instance from the ORB and use this current object to obtain the security info (internally SASCurrent has a reference to the SASTargetInterceptor and uses this reference to obtain the security params). The security info is then inserted in the Invocation object and the invocation is dispatched to the EJB container. So if the call is routed through the EJB servants, the security context will be created later on by the EJB container security interceptors. If you have a different servant, you will have to code something similar to what we have in the EJB servants yourself. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira