[jboss-jira] [JBoss JIRA] Created: (JBAS-5066) InstanceInterceptors need to set SecurityContext on EnterpriseContext from Threadlocal

Anil Saldhana (JIRA) jira-events at lists.jboss.org
Sun Dec 9 11:00:51 EST 2007 

InstanceInterceptors need to set SecurityContext on EnterpriseContext from Threadlocal
--------------------------------------------------------------------------------------

                 Key: JBAS-5066
                 URL: http://jira.jboss.com/jira/browse/JBAS-5066
             Project: JBoss Application Server
          Issue Type: Bug
      Security Level: Public (Everyone can see)
          Components: EJB2, Security
    Affects Versions: JBossAS-5.0.0.Beta2
            Reporter: Anil Saldhana
         Assigned To: Anil Saldhana
             Fix For:  JBossAS-5.0.0.Beta3


Currently, the StatelessInstanceInterceptor is doing
ctx.setSecurityContext(mi.getSecurityContext());

which leads to an error in the audit log  (Note: CLIENT_PROXY) as:

--------------------------------------------
2007-12-09 08:06:25,734 TRACE [org.jboss.security.audit.providers.LogAuditProvid
er] (WorkerThread#0[127.0.0.1:1180]:) [Error]roleRefPermissionCheck=true;authori
zationManager=[AuthorizationManager:class=org.jboss.security.plugins.JBossAuthor
izationManager:CLIENT_PROXY:];roleName=InternalRole;Resource:=[org.jboss.securit
y.authorization.resources.EJBResource:contextMap={roleRefPermissionCheck=true, r
oleName=InternalRole, authorizationManager=[AuthorizationManager:class=org.jboss
.security.plugins.JBossAuthorizationManager:CLIENT_PROXY:]}:method=null:ejbMetho
dInterface=null:ejbName=Entity:ejbPrincipal=scott:methodRoles=null:securityRoleR
eferences=[]];Source=org.jboss.security.integration.ejb.EJBAuthorizationHelper;E
xception:=Authorization Failed: ;
------------------------------------------------------------

what needs to be done is:
ctx.setSecurityContext(SecurityActions.getSecurityContext());

For StatefulInstanceInterceptor which gets invoked before SecurityInterceptor, create a new sec ctx based on the container settings.


-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-jira mailing list