[jboss-jira] [JBoss JIRA] Updated: (JBAS-5066) InstanceInterceptors need to set SecurityContext on EnterpriseContext from Threadlocal

Anil Saldhana (JIRA) jira-events at lists.jboss.org
Sun Dec 9 17:39:51 EST 2007 

     [ http://jira.jboss.com/jira/browse/JBAS-5066?page=all ]

Anil Saldhana updated JBAS-5066:
--------------------------------

    Fix Version/s: JBossAS-5.0.0.CR1
                       (was:  JBossAS-5.0.0.Beta3)

Not critical for Beta3 release. 



> InstanceInterceptors need to set SecurityContext on EnterpriseContext from Threadlocal
> --------------------------------------------------------------------------------------
>
>                 Key: JBAS-5066
>                 URL: http://jira.jboss.com/jira/browse/JBAS-5066
>             Project: JBoss Application Server
>          Issue Type: Bug
>      Security Level: Public(Everyone can see) 
>          Components: Security, EJB2
>    Affects Versions: JBossAS-5.0.0.Beta2
>            Reporter: Anil Saldhana
>         Assigned To: Anil Saldhana
>             Fix For: JBossAS-5.0.0.CR1
>
>
> Currently, the StatelessInstanceInterceptor is doing
> ctx.setSecurityContext(mi.getSecurityContext());
> which leads to an error in the audit log  (Note: CLIENT_PROXY) as:
> --------------------------------------------
> 2007-12-09 08:06:25,734 TRACE [org.jboss.security.audit.providers.LogAuditProvid
> er] (WorkerThread#0[127.0.0.1:1180]:) [Error]roleRefPermissionCheck=true;authori
> zationManager=[AuthorizationManager:class=org.jboss.security.plugins.JBossAuthor
> izationManager:CLIENT_PROXY:];roleName=InternalRole;Resource:=[org.jboss.securit
> y.authorization.resources.EJBResource:contextMap={roleRefPermissionCheck=true, r
> oleName=InternalRole, authorizationManager=[AuthorizationManager:class=org.jboss
> .security.plugins.JBossAuthorizationManager:CLIENT_PROXY:]}:method=null:ejbMetho
> dInterface=null:ejbName=Entity:ejbPrincipal=scott:methodRoles=null:securityRoleR
> eferences=[]];Source=org.jboss.security.integration.ejb.EJBAuthorizationHelper;E
> xception:=Authorization Failed: ;
> ------------------------------------------------------------
> what needs to be done is:
> ctx.setSecurityContext(SecurityActions.getSecurityContext());
> For StatefulInstanceInterceptor which gets invoked before SecurityInterceptor, create a new sec ctx based on the container settings.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-jira mailing list