Issue Type: Bug Bug
Assignee: David Ward
Components: security
Created: 30/May/13 5:16 PM
Description:

To reproduce simply try to send an order in using the web form.

It appears JBossJaasSecurityProfile is clearing the security context before the web processor can clean up. Check out org.jboss.as.web.security.SecurityContextAssociationValve.invoke(). Around line 125, it pushes an identity. Then, around line 171 it pops the identity, which blows chunks because the security context has been nuked.

The stack trace when running the demo using the web form:

14:58:41,022 WARN  [org.switchyard.security.jboss.spi.JBossJaasSecurityProvider] (http-/127.0.0.1:8080-2) SwitchYard security domain (other) does not match JBoss security domain (jboss-web-policy).
14:58:41,025 WARN  [org.switchyard.security.jboss.spi.JBossJaasSecurityProvider] (http-/127.0.0.1:8080-2) SwitchYard security domain (other) does not match JBoss security domain (jboss-web-policy).
14:59:06,449 ERROR [org.apache.catalina.connector] (http-/127.0.0.1:8080-2) JBWEB001018: An exception or error occurred in the container during the request processing: java.lang.IllegalStateException: JBAS018053: No security context found
	at org.jboss.as.web.security.SecurityActions$6.run(SecurityActions.java:136) [jboss-as-web-7.2.0.Alpha1-redhat-4.jar:7.2.0.Alpha1-redhat-4]
	at org.jboss.as.web.security.SecurityActions$6.run(SecurityActions.java:130) [jboss-as-web-7.2.0.Alpha1-redhat-4.jar:7.2.0.Alpha1-redhat-4]
	at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.6.0_37]
	at org.jboss.as.web.security.SecurityActions.popRunAsIdentity(SecurityActions.java:130) [jboss-as-web-7.2.0.Alpha1-redhat-4.jar:7.2.0.Alpha1-redhat-4]
	at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:171) [jboss-as-web-7.2.0.Alpha1-redhat-4.jar:7.2.0.Alpha1-redhat-4]
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:145) [jbossweb-7.2.0.Final.jar:7.2.0.Final]
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:97) [jbossweb-7.2.0.Final.jar:7.2.0.Final]
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:102) [jbossweb-7.2.0.Final.jar:7.2.0.Final]
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:336) [jbossweb-7.2.0.Final.jar:7.2.0.Final]
	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:856) [jbossweb-7.2.0.Final.jar:7.2.0.Final]
	at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:653) [jbossweb-7.2.0.Final.jar:7.2.0.Final]
	at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:920) [jbossweb-7.2.0.Final.jar:7.2.0.Final]
	at java.lang.Thread.run(Thread.java:662) [rt.jar:1.6.0_37]
Fix Versions: 1.0
Project: SwitchYard
Priority: Major Major
Reporter: Rob Cernich
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira