[jboss-cvs] JBossAS SVN: r59085 - trunk/server/src/main/org/jboss/ejb/plugins

Mon Dec 18 13:36:51 EST 2006

Author: anil.saldhana at jboss.com
Date: 2006-12-18 13:36:50 -0500 (Mon, 18 Dec 2006)
New Revision: 59085

Modified:
   trunk/server/src/main/org/jboss/ejb/plugins/SecurityInterceptor.java
Log:
add a try/finally block around the context call subject retrieval

Modified: trunk/server/src/main/org/jboss/ejb/plugins/SecurityInterceptor.java
===================================================================

--- trunk/server/src/main/org/jboss/ejb/plugins/SecurityInterceptor.java	2006-12-18 18:09:57 UTC (rev 59084)
+++ trunk/server/src/main/org/jboss/ejb/plugins/SecurityInterceptor.java	2006-12-18 18:36:50 UTC (rev 59085)
@@ -26,7 +26,7 @@
 import org.jboss.metadata.ApplicationMetaData;
 import org.jboss.metadata.AssemblyDescriptorMetaData;
 import org.jboss.metadata.BeanMetaData;
-import org.jboss.metadata.SecurityIdentityMetaData;  
+import org.jboss.metadata.SecurityIdentityMetaData;   
 import org.jboss.security.AuthenticationManager;
 import org.jboss.security.AuthorizationManager;
 import org.jboss.security.RealmMapping;
@@ -110,7 +110,7 @@
     */
    protected String appSecurityDomain = null; 
    //Fallback Security Domain
-   protected String defaultAuthorizationSecurityDomain = SecurityConstants.DEFAULT_EJB_APPLICATION_POLICY; 
+   protected String defaultAuthorizationSecurityDomain = SecurityConstants.DEFAULT_EJB_APPLICATION_POLICY;  
     
    /** Called by the super class to set the container to which this interceptor
     belongs. We obtain the security manager and runAs identity to use here.
@@ -152,7 +152,7 @@
          //Authorization Framework changes
          appSecurityDomain = applicationMetaData.getSecurityDomain();
          ejbName = beanMetaData.getEjbName();  
-         ejbCS = container.getBeanClass().getProtectionDomain().getCodeSource();
+         ejbCS = container.getBeanClass().getProtectionDomain().getCodeSource(); 
       }
    }
 
@@ -341,9 +341,16 @@
       * (Get the same behavior as split JaasAuthenticationInterceptor
       * and JaccAuthorizationInterceptor)
       */
-     SecurityActions.pushRunAsIdentity(runAsIdentity);
-     Subject caller = SecurityActions.getContextSubject(); 
-     SecurityActions.popRunAsIdentity();
+     Subject caller = null;
+     try
+     { 
+        SecurityActions.pushRunAsIdentity(runAsIdentity);
+        caller = SecurityActions.getContextSubject();
+     }
+     finally
+     { 
+        SecurityActions.popRunAsIdentity();
+     }   
      return caller;
   }
   


