[jboss-dev-forums] [Design of Security on JBoss] - Re: Why do we need a security context to access a local ejb?

adrian@jboss.org do-not-reply at jboss.com
Fri Apr 11 15:44:10 EDT 2008


You don't need to run the testsuite, just copy that jar into deploy.

This patch fixes it:


  | Index: src/main/org/jboss/ejb/plugins/local/BaseLocalProxyFactory.java
  | ===================================================================
  | --- src/main/org/jboss/ejb/plugins/local/BaseLocalProxyFactory.java     (revision 72017)
  | +++ src/main/org/jboss/ejb/plugins/local/BaseLocalProxyFactory.java     (working copy)
  | @@ -532,18 +532,16 @@
  |           {
  |              SecurityContext sc = getSecurityContext();
  |              if(sc == null)
  | -               throw new IllegalStateException("No security context for getPrincipal");
  | +               return null;
  |              return sc.getUtil().getUserPrincipal();
  | -            //return SecurityAssociation.getPrincipal();
  |           }
  |  
  |           public Object getCredential()
  |           {
  |              SecurityContext sc = getSecurityContext();
  |              if(sc == null)
  | -               throw new IllegalStateException("No security context for getCredential");
  | +               return null;
  |              return sc.getUtil().getCredential();
  | -            //return SecurityAssociation.getCredential();
  |           }
  |           
  |           public SecurityContext getSecurityContext()
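Review bot: In getPrincipal() and getCredential(), the new `return null;` on a missing SecurityContext replaces a hard failure with a value that every caller must now check, and a null principal can no longer be told apart from a call where no identity was ever established. Document the null return on both accessors and confirm that the code consuming these values denies access on a null principal instead of skipping the check.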
  | @@ -561,9 +559,8 @@
  |              {
  |                 SecurityContext sc = getSecurityContext();
  |                 if(sc == null)
  | -                  throw new IllegalStateException("No security context for getPrincipal");
  | +                  return null;
  |                 return sc.getUtil().getUserPrincipal();
  | -               //return SecurityAssociation.getPrincipal();
  |              }
  |           };
  |  
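Review bot: The IllegalStateException removed from this second getPrincipal() was the only signal that the security context was absent; with `return null;` the condition is now silent. Consider a trace-level log in the `if(sc == null)` branch so a missing context stays diagnosable.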
  | @@ -573,9 +570,8 @@
  |              {
  |                 SecurityContext sc = getSecurityContext();
  |                 if(sc == null)
  | -                  throw new IllegalStateException("No security context for getCredential");
  | +                  return null;
  |                 return sc.getUtil().getCredential();
  | -               //return SecurityAssociation.getCredential();
  |              }
  |           };
  | 
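Review bot: The `if(sc == null)` / `return null;` guard in this second getCredential() is the fourth copy of the same check in the patch. Moving the null handling into one private helper shared by all four accessors would keep them consistent, which matters if the logic is later aligned with org.jboss.proxy.SecurityInterceptor.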

I don't think this is a full fix, since it should be roughly the same logic as 
org.jboss.proxy.SecurityInterceptor.

SecurityInterceptor is used when a remote ejb proxy is operating in local optimization
mode, while BaseLocalProxyFactory is used for purely local proxies.
