[jboss-cvs] JBossAS SVN: r78109 - trunk/server/src/main/org/jboss/ejb.

jboss-cvs-commits at lists.jboss.org jboss-cvs-commits at lists.jboss.org
Fri Sep 5 17:52:52 EDT 2008 

Author: anil.saldhana at jboss.com
Date: 2008-09-05 17:52:52 -0400 (Fri, 05 Sep 2008)
New Revision: 78109

Modified:
   trunk/server/src/main/org/jboss/ejb/MessageDrivenContainer.java
   trunk/server/src/main/org/jboss/ejb/SecurityActions.java
Log:
JBAS-5931: ensure no security context for MDB

Modified: trunk/server/src/main/org/jboss/ejb/MessageDrivenContainer.java
===================================================================
--- trunk/server/src/main/org/jboss/ejb/MessageDrivenContainer.java	2008-09-05 21:35:21 UTC (rev 78108)
+++ trunk/server/src/main/org/jboss/ejb/MessageDrivenContainer.java	2008-09-05 21:52:52 UTC (rev 78109)
@@ -40,6 +40,7 @@
 
 import org.jboss.invocation.Invocation;
 import org.jboss.metadata.MessageDrivenMetaData;
+import org.jboss.security.SecurityContext;
 import org.jboss.util.NullArgumentException;
 
 /**
@@ -405,8 +406,19 @@
     */
    public Object internalInvoke(Invocation mi) throws Exception
    {
-      // Invoke through interceptors
-      return getInterceptor().invoke(mi); 
+      SecurityContext cachedContext = null;
+      try
+      {
+         cachedContext = SecurityActions.getSecurityContext();
+         //For message driven beans, there is no security context
+         SecurityActions.setSecurityContext(null);
+         // Invoke through interceptors
+         return getInterceptor().invoke(mi);
+      }
+      finally
+      {
+         SecurityActions.setSecurityContext(cachedContext);
+      }
    }
 
 

Modified: trunk/server/src/main/org/jboss/ejb/SecurityActions.java
===================================================================
--- trunk/server/src/main/org/jboss/ejb/SecurityActions.java	2008-09-05 21:35:21 UTC (rev 78108)
+++ trunk/server/src/main/org/jboss/ejb/SecurityActions.java	2008-09-05 21:52:52 UTC (rev 78109)
@@ -404,4 +404,16 @@
          }
       });
    }
+   
+   static void setSecurityContext(final SecurityContext securityContext) 
+   { 
+      AccessController.doPrivileged(new PrivilegedAction<SecurityContext>()
+      {
+         public SecurityContext run() 
+         {
+            SecurityContextAssociation.setSecurityContext(securityContext);
+            return null;
+         }
+      });
+   }
 }

More information about the jboss-cvs-commits mailing list