[jboss-cvs] JBossAS SVN: r82229 - projects/ejb3/trunk/core/src/main/java/org/jboss/ejb3/security.

[jboss-cvs-commits at lists.jboss.org]

Author: ALRubinger
Date: 2008-12-11 10:41:21 -0500 (Thu, 11 Dec 2008)
New Revision: 82229

Modified:
   projects/ejb3/trunk/core/src/main/java/org/jboss/ejb3/security/Ejb3AuthenticationInterceptorv2.java
Log:
[EJBTHREE-1619] Set permissions in privileged block

Modified: projects/ejb3/trunk/core/src/main/java/org/jboss/ejb3/security/Ejb3AuthenticationInterceptorv2.java
===================================================================
--- projects/ejb3/trunk/core/src/main/java/org/jboss/ejb3/security/Ejb3AuthenticationInterceptorv2.java	2008-12-11 14:26:10 UTC (rev 82228)
+++ projects/ejb3/trunk/core/src/main/java/org/jboss/ejb3/security/Ejb3AuthenticationInterceptorv2.java	2008-12-11 15:41:21 UTC (rev 82229)
@@ -22,6 +22,8 @@
 package org.jboss.ejb3.security;
 
 import java.lang.reflect.Method;
+import java.security.AccessController;
+import java.security.PrivilegedExceptionAction;
 
 import javax.ejb.EJBAccessException;
 import javax.security.auth.Subject;
@@ -37,6 +39,7 @@
 import org.jboss.security.RunAs;
 import org.jboss.security.RunAsIdentity;
 import org.jboss.security.SecurityContext;
+import org.jboss.security.SecurityContextFactory;
 import org.jboss.security.SecurityUtil;
 import org.jboss.security.javaee.EJBAuthenticationHelper;
 import org.jboss.security.javaee.SecurityHelperFactory;
@@ -94,9 +97,7 @@
           * of the existing sc. For remote calls, we create a new security context with the information
           * from the invocation sc
           */
-         SecurityContext sc = null; 
-
-         sc = SecurityActions.createSecurityContext(domainValue);
+         final SecurityContext sc = SecurityActions.createSecurityContext(domainValue);
          
          if(shelper.isLocalCall(mi))
          {
@@ -116,7 +117,15 @@
          SecurityActions.setSecurityContext(sc);
             
          //TODO: Need to get the SecurityManagement instance
-         sc.setSecurityManagement(getSecurityManagement());
+         AccessController.doPrivileged(new PrivilegedExceptionAction<Object>()
+         {
+            public Object run() throws Exception
+            {
+               sc.setSecurityManagement(getSecurityManagement());
+               return null;
+            }
+         });
+         
            
          //Check if there is a RunAs configured and can be trusted 
          EJBAuthenticationHelper helper = null;