[jboss-cvs] JBossAS SVN: r98947 - trunk/server/src/main/java/org/jboss/ejb/plugins/security.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Tue Dec 29 12:12:56 EST 2009
Author: sguilhen at redhat.com
Date: 2009-12-29 12:12:56 -0500 (Tue, 29 Dec 2009)
New Revision: 98947
Modified:
trunk/server/src/main/java/org/jboss/ejb/plugins/security/PreSecurityInterceptor.java
trunk/server/src/main/java/org/jboss/ejb/plugins/security/SecurityActions.java
Log:
JBAS-7037: ensure the EJB container security domain is used when a local call originating from the Web container reaches the PreSecurityInterceptor. If the Web application uses a different domain from the EJB application, we need to make sure that the correct security domain is used in each container.
Modified: trunk/server/src/main/java/org/jboss/ejb/plugins/security/PreSecurityInterceptor.java
===================================================================
--- trunk/server/src/main/java/org/jboss/ejb/plugins/security/PreSecurityInterceptor.java 2009-12-29 16:22:30 UTC (rev 98946)
+++ trunk/server/src/main/java/org/jboss/ejb/plugins/security/PreSecurityInterceptor.java 2009-12-29 17:12:56 UTC (rev 98947)
@@ -101,6 +101,7 @@
log.trace("process:isInvoke="+isInvoke + " bean="+ container.getServiceName());
SecurityIdentity si = null;
+ String incomingDomain = null;
Method m = mi.getMethod();
boolean isEjbTimeOutMethod = m!= null && m.getName().equals(timedObjectMethod);
//For local ejb invocations
@@ -110,10 +111,15 @@
//Cache the security context
SecurityContext sc = SecurityActions.getSecurityContext();
if(sc != null)
- si = SecurityActions.getSecurityIdentity(sc);
+ {
+ si = SecurityActions.getSecurityIdentity(sc);
+ incomingDomain = sc.getSecurityDomain();
+ }
SecurityActions.setSecurityManagement(sc, container.getSecurityManagement());
-
+ // set the container's security domain in the security context
+ SecurityActions.setSecurityDomain(sc, this.securityDomain);
+
log.trace("SecurityIdentity="+SecurityActions.trace(si));
//Set the security context on the invocation
mi.setSecurityContext(sc);
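Review bot: The new `SecurityActions.setSecurityDomain(sc, this.securityDomain);` call sits outside the `if(sc != null)` braces, but the helper added in SecurityActions.java calls `sc.setSecurityDomain(domain)` with no guard, so a null context would throw inside the privileged action. The existing `setSecurityManagement(sc, ...)` context line has the same shape, so a null `sc` may already fail earlier; its body is not visible here. If the null check is meaningful, move the domain switch inside the braces next to `incomingDomain = sc.getSecurityDomain();`. It would also help to confirm that `this.securityDomain` is always set for a secured container, because a null value here would blank the caller's domain instead of switching it. The enclosing local-invocation block starts outside this hunk.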
@@ -139,7 +145,9 @@
{
SecurityActions.popCallerRunAsIdentity();
if(mi.isLocal() && si != null)
- SecurityActions.setSecurityIdentity(SecurityActions.getSecurityContext(), si);
+ SecurityActions.setSecurityIdentity(SecurityActions.getSecurityContext(), si);
+ if(mi.isLocal() && incomingDomain != null)
+ SecurityActions.setSecurityDomain(SecurityActions.getSecurityContext(), incomingDomain);
log.trace("Exit process():isInvoke="+isInvoke);
}
}
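Review bot: The restore is conditional on `incomingDomain != null`, while the override in the earlier hunk is applied on every local call, so a context that arrives with no domain set keeps the EJB container's domain after control returns to the web tier. Recording that the override happened, for example a `boolean domainOverridden` set next to the override and tested here in place of the null check, would make the two sides symmetric. The restore also writes to whatever `SecurityActions.getSecurityContext()` returns at exit, not to the `sc` captured at entry. This mirrors the existing identity restore, but it assumes the thread's context is non-null and is the same object that was modified. The block these lines sit in (presumably a `finally`) opens outside the hunk.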
Modified: trunk/server/src/main/java/org/jboss/ejb/plugins/security/SecurityActions.java
===================================================================
--- trunk/server/src/main/java/org/jboss/ejb/plugins/security/SecurityActions.java 2009-12-29 16:22:30 UTC (rev 98946)
+++ trunk/server/src/main/java/org/jboss/ejb/plugins/security/SecurityActions.java 2009-12-29 17:12:56 UTC (rev 98947)
@@ -143,6 +143,18 @@
);
}
+ static void setSecurityDomain(final SecurityContext sc, final String domain)
+ {
+ AccessController.doPrivileged(new PrivilegedAction<Object>()
+ {
+ public Object run()
+ {
+ sc.setSecurityDomain(domain);
+ return null;
+ }
+ });
+ }
+
static String trace(final SecurityContext sc)
{
return AccessController.doPrivileged(new PrivilegedAction<String>()
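Review bot: `setSecurityDomain` is added without any comment, although it changes the security domain of a caller-supplied context inside `doPrivileged`, using this class's permissions instead of the caller's. A short Javadoc would record that constraint for later maintainers, for example `/** Sets the security domain on sc in a privileged block; must stay package-private so only the EJB security interceptors can switch domains. */`. The comment should also state that `sc` must be non-null, since `sc.setSecurityDomain(domain)` is invoked unguarded. The method is package-private as written; the visibility of the enclosing class is not shown in this hunk.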