Darran Lofthouse created AS7-4692:
-------------------------------------
Summary: Review SecurityContext associations
Key: AS7-4692
URL: https://issues.jboss.org/browse/AS7-4692
Project: Application Server 7
Issue Type: Task
Components: Security
Reporter: Darran Lofthouse
Assignee: Darran Lofthouse
Fix For: 7.2.0.Alpha1
We should re-review the approach we take for security context association within AS7
containers.
Back at the time of AS 3 it was fairly reliable to assume a 1:1 mapping of thread and client
with the incoming connection being allocated its own thread. This is no longer
automatically the case and different containers can use different threading models, e.g.
using Executors to handle asynchronous requests.
The problem with using a ThreadLocal approach is that every time a container diverges from
the 1:1 mapping of thread and client that container needs to work around the issue of an
invalid SecurityContext association.
One possibility is to pass responsibility for managing the context to the container
although this then introduces the question of how it is passed from container to
container. This issue needs to consider this further.
Also need to review further how the security context can be created at all entry points to
the server and how it can be manually switched. Now that we use SASL on entry for remote
calls, we do now have the opportunity for equivalent behaviour at the entry point for both
web and EJB type calls. In the past we only had this opportunity for web based calls and
would only create a security context on entering the interceptors for the EJB calls.
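The ThreadLocal problem described in the issue, as an added example that is not part of the original report and not AS7 code: a pooled worker thread either sees no association or inherits a stale one, and a capture-and-restore wrapper is one workaround a container can apply. `CONTEXT`, `withCallerContext` and the principal names are hypothetical, and a plain `String` stands in for the real SecurityContext.

```java
import java.util.concurrent.Callable;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;

// Added illustration; names are hypothetical, not the AS7 SecurityContext API.
public class ContextPropagationDemo {
    // Thread-bound association, as in the ThreadLocal approach the issue describes.
    static final ThreadLocal<String> CONTEXT = new ThreadLocal<>();

    // Captures the submitter's context and binds it only for the duration of the task.
    static <T> Callable<T> withCallerContext(Callable<T> task) {
        final String captured = CONTEXT.get();      // read on the submitting thread
        return () -> {
            final String previous = CONTEXT.get();  // whatever the pooled thread held
            CONTEXT.set(captured);
            try {
                return task.call();
            } finally {
                // Put back the worker's prior state so the caller's identity
                // does not leak to the next task scheduled on this thread.
                if (previous == null) CONTEXT.remove(); else CONTEXT.set(previous);
            }
        };
    }

    public static void main(String[] args) throws Exception {
        ExecutorService pool = Executors.newSingleThreadExecutor(); // one reused worker
        try {
            Callable<String> whoAmI = () -> String.valueOf(CONTEXT.get());

            CONTEXT.set("alice");  // constructed principal on the request thread
            // 1. Unwrapped task: the worker thread has no association at all.
            System.out.println("unwrapped:     " + pool.submit(whoAmI).get());

            // 2. A task sets the ThreadLocal and never clears it...
            pool.submit(() -> CONTEXT.set("bob")).get();
            // ...so the next task on the same thread runs with a stale identity.
            System.out.println("after leak:    " + pool.submit(whoAmI).get());

            // 3. Wrapped task: runs as the submitter, then restores the worker state.
            System.out.println("wrapped:       " + pool.submit(withCallerContext(whoAmI)).get());
            System.out.println("after wrapped: " + pool.submit(whoAmI).get());
        } finally {
            pool.shutdown();
            CONTEXT.remove();
        }
    }
}
```

The wrapper only protects tasks that go through it; the stale value left by the unwrapped task in step 2 is still on the worker afterwards, which is why every container that leaves the 1:1 thread model needs its own workaround.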