[jboss-jira] [JBoss JIRA] Reopened: (JBAS-4317) Security Context over the invocation

[Thomas Diesler (JIRA)]

     [ http://jira.jboss.com/jira/browse/JBAS-4317?page=all ]

Thomas Diesler reopened JBAS-4317:
----------------------------------

             
With various jbossws tests I was getting

IllegalStateException("Security Context in invocation is null");

Please validate the change below.  

First throwing an ISE and then further down calling seems not logical

      //Place on the invocation
      if(mi.getSecurityContext() == null)
         mi.setSecurityContext(SecurityActions.getSecurityContext());

[tdiesler at tddell trunk]$ svn diff server
Index: server/src/main/org/jboss/ejb/SessionContainer.java
===================================================================
--- server/src/main/org/jboss/ejb/SessionContainer.java (revision 62601)
+++ server/src/main/org/jboss/ejb/SessionContainer.java (working copy)
@@ -620,9 +620,9 @@
 
    public Object internalInvokeHome(Invocation mi) throws Exception
    {
-      //Validate that there is a security context on the invocation 
+      //Place on the invocation
       if(mi.getSecurityContext() == null)
-         throw new IllegalStateException("Security Context in invocation is null");
+         mi.setSecurityContext(SecurityActions.getSecurityContext());
        
       String securityDomain = SecurityConstants.DEFAULT_APPLICATION_POLICY;
       if(sm != null)
@@ -633,9 +633,6 @@
                  mi.getCredential(), securityDomain, null); 
       }
       SecurityActions.pushCallerRunAsIdentity(mi.getSecurityContext().getRunAs());
-      //Place on the invocation
-      if(mi.getSecurityContext() == null)
-         mi.setSecurityContext(SecurityActions.getSecurityContext());
       
       Method method = mi.getMethod();
       if (method != null && method.getName().equals("remove"))
@@ -672,9 +669,9 @@
     */
    public Object internalInvoke(Invocation mi) throws Exception
    { 
-      //Validate that there is a security context on the invocation 
+      //Place on the invocation
       if(mi.getSecurityContext() == null)
-         throw new IllegalStateException("Security Context in invocation is null");
+         mi.setSecurityContext(SecurityActions.getSecurityContext());
        
       String securityDomain = SecurityConstants.DEFAULT_APPLICATION_POLICY;
       if(sm != null)
@@ -685,9 +682,6 @@
                  mi.getCredential(), securityDomain, null); 
       }
       SecurityActions.pushCallerRunAsIdentity(mi.getSecurityContext().getRunAs());
-      //Place on the invocation
-      if(mi.getSecurityContext() == null)
-         mi.setSecurityContext(SecurityActions.getSecurityContext());
        
       try
       { 


> Security Context over the invocation
> ------------------------------------
>
>                 Key: JBAS-4317
>                 URL: http://jira.jboss.com/jira/browse/JBAS-4317
>             Project: JBoss Application Server
>          Issue Type: Task
>      Security Level: Public(Everyone can see) 
>          Components: Security
>    Affects Versions: JBossAS-5.0.0.Beta2
>            Reporter: Anil Saldhana
>         Assigned To: Anil Saldhana
>             Fix For:  JBossAS-5.0.0.Beta3
>
>
> Need to move away from the SecurityAssociation usage to incorporate Security Context over the invocation.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira