[jboss-dev-forums] [Design of Security on JBoss] - Re: Why do we need a security context to access a local ejb?
anil.saldhana@jboss.com
do-not-reply at jboss.com
Fri Apr 11 16:46:29 EDT 2008
The PreSecurityInterceptor establishes the correct SC for both the local and remote invocations.
The reason BaseLocalProxyFactory does not do any runas processing is because the SecurityContext that is set on the threadlocal (I call it the SecurityContextAssociation) is available to the PreSecurityInterceptor since the call emanated in the same vm.
The proxy/SecurityInterceptor can be in the client vm. So I pick up the run as and send it in the SC over the invocation. This is a new feature (passing RunAs across VMs even though we have to attach additional trust semantics to inter-vm calls).
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4143545#4143545
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4143545
More information about the jboss-dev-forums
mailing list