[
https://jira.jboss.org/browse/JBAS-8600?page=com.atlassian.jira.plugin.sy...
]
Alexey Loubyansky reassigned JBAS-8600:
---------------------------------------
Assignee: Anil Saldhana (was: Alexey Loubyansky)
Anil, can you check, please?
An EJB invocation with runas-identity causes that runas-identity to be used for all invocations of that EJB
-----------------------------------------------------------------------------------------------------------
Key: JBAS-8600
URL: https://jira.jboss.org/browse/JBAS-8600
Project: JBoss Application Server
Issue Type: Bug
Security Level: Public(Everyone can see)
Components: EJB2
Affects Versions: JBossAS-5.1.0.GA
Reporter: Magnus Lind
Assignee: Anil Saldhana
If a context associated with a runas-identity invokes a method on a (non-runas deployed)
stateless session EJB then subsequent invocations from any authenticated context will be
performed as if the EJB was runas-deployed using that identity.
Only a restart of the application server will help.
A runas-identity context is usually established within invocations of Servlets or EJBs
with runas-deployment. All non-runas deployed EJBs invoked from such a servlet, EJB (or
MDB) will be affected.
This behavior is probably caused by a bug in org.jboss.ejb.plugins.SecurityInterceptor.
The following patch solves the problem for us:
Index: org/jboss/ejb/plugins/SecurityInterceptor.java
===================================================================
--- org/jboss/ejb/plugins/SecurityInterceptor.java (revision 109035)
+++ org/jboss/ejb/plugins/SecurityInterceptor.java (arbetskopia)
@@ -248,18 +248,19 @@
throw e;
}
+ RunAs runAsIdentityToPush = runAsIdentity;
/**
* Special case: if <use-caller-identity> configured and
* the caller is arriving with a run-as, we need to push that run-as
*/
if (callerRunAsIdentity != null && this.isUseCallerIdentity)
- this.runAsIdentity = callerRunAsIdentity;
+ runAsIdentityToPush = callerRunAsIdentity;
/* If a run-as role was specified, push it so that any calls made
by this bean will have the runAsRole available for declarative
security checks.
*/
- SecurityActions.pushRunAsIdentity(runAsIdentity);
+ SecurityActions.pushRunAsIdentity(runAsIdentityToPush);
try
{
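Review bot: the local `runAsIdentityToPush` is the right fix for the shared-state problem, since `this.runAsIdentity` is a field of the interceptor instance that serves every invocation of the bean and the removed line `this.runAsIdentity = callerRunAsIdentity;` overwrote it permanently; before merging, confirm that nothing later in the same method (the `finally` that pops, logging, or a second `use-caller-identity` check) still reads `this.runAsIdentity` where it now needs `runAsIdentityToPush`. A regression test that invokes the bean once from a run-as caller and then once from a plain authenticated caller, asserting that the second invocation does not see the first caller's run-as, would pin the behaviour this hunk fixes. Minor: the `/** ... */` javadoc delimiters on an in-method comment should be `/* ... */`.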
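To make the failure mode visible outside the server, here is an added stand-alone example (not code from the report or from JBoss AS) that simulates the interceptor: one instance shared by all invocations of a bean, a run-as caller arriving first, and a plain caller second. The `RunAsStack`, `Interceptor` and `RunAsLeakDemo` names and the `fixed` flag are assumptions; the flag switches between overwriting the shared field, as the original line did, and using a local, as the patch does.

```java
import java.util.ArrayDeque;
import java.util.Deque;

/** Constructed stand-in for the per-thread run-as stack that SecurityActions pushes to and pops from. */
final class RunAsStack {
    private static final ThreadLocal<Deque<String>> STACK = ThreadLocal.withInitial(ArrayDeque::new);
    static void push(String runAs) { STACK.get().push(runAs == null ? "<none>" : runAs); }
    static String pop() { return STACK.get().pop(); }
}

/** One interceptor instance serves every invocation of the same EJB; that shared field is the bug. */
final class Interceptor {
    private final boolean useCallerIdentity;
    private final boolean fixed;
    private String runAsIdentity; // deployment-time run-as of this bean; null means not run-as deployed

    Interceptor(String runAsIdentity, boolean useCallerIdentity, boolean fixed) {
        this.runAsIdentity = runAsIdentity;
        this.useCallerIdentity = useCallerIdentity;
        this.fixed = fixed;
    }

    /** Returns the run-as identity that was pushed for this invocation. */
    String invoke(String callerRunAsIdentity) {
        String runAsIdentityToPush = runAsIdentity;
        if (callerRunAsIdentity != null && useCallerIdentity) {
            if (fixed) {
                runAsIdentityToPush = callerRunAsIdentity;    // patched: local only, field untouched
            } else {
                this.runAsIdentity = callerRunAsIdentity;     // original: overwrites the shared field
                runAsIdentityToPush = this.runAsIdentity;
            }
        }
        RunAsStack.push(runAsIdentityToPush);
        try {
            return runAsIdentityToPush; // the business method would run here
        } finally {
            RunAsStack.pop();
        }
    }
}

public class RunAsLeakDemo {
    /** Non-run-as deployed bean with use-caller-identity: first a run-as caller, then a plain caller. */
    static String secondCallerRunsAs(boolean fixed) {
        Interceptor bean = new Interceptor(null, true, fixed);
        bean.invoke("RunAsAdmin"); // constructed run-as identity of a servlet or EJB deployed with run-as
        return bean.invoke(null);  // ordinary authenticated caller with no run-as
    }
    public static void main(String[] args) {
        System.out.println("original: second caller runs as " + secondCallerRunsAs(false));
        System.out.println("patched:  second caller runs as " + secondCallerRunsAs(true));
    }
}
```

With the original logic the second, unrelated caller is pushed with the first caller's run-as identity; with the patched logic it is pushed with no run-as, which is the behaviour the report expects.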