[jboss-dev-forums] [Design of Security on JBoss] - Re: Why do we need a security context to access a local ejb?
anil.saldhana@jboss.com
do-not-reply at jboss.com
Fri Apr 11 16:19:10 EDT 2008
If an ejb defines a runas, then we push it on the security context for usage in the call path (thread level). So in the case of ejb local calls, if the sec context is null, then there is no run-as. But it is very, very important for local calls. Currently, the magic code exists in the PreSecurityInterceptor (which I need to clean up a bit eventually) to detect the run-as in local calls.
This was the question I had a few months back on the AS5 call (with you and Scott). I was told to aspectize security and not do anything with the invocation object.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4143534#4143534