[jboss-jira] [JBoss JIRA] Updated: (JBMESSAGING-807) security context switch after sending a message

Andrea Di Cesare (JIRA) jira-events at jboss.com
Mon Feb 5 07:12:26 EST 2007 

     [ http://jira.jboss.com/jira/browse/JBMESSAGING-807?page=all ]

Andrea Di Cesare updated JBMESSAGING-807:
-----------------------------------------

    Attachment: bugtest.zip

I created a simple test case that fails due to this bug.

the zip file contains the server directory (just the configuration files and the deployee) and the src directory with the corresponding code (NetBeans project).

a junit test (src/test) allows to easily test it.

> security context switch after sending a message
> -----------------------------------------------
>
>                 Key: JBMESSAGING-807
>                 URL: http://jira.jboss.com/jira/browse/JBMESSAGING-807
>             Project: JBoss Messaging
>          Issue Type: Bug
>    Affects Versions: 1.0.1.SP2
>         Environment: linux (Centos 4.4), jboss 4.0.3SP1, JbossMessaging 1.0.1SP2
>            Reporter: Andrea Di Cesare
>         Assigned To: Ovidiu Feodorov
>             Fix For: 1.0.1.SP4
>
>         Attachments: bugtest.zip
>
>
> scenario: 
> a SLSB uses a SFSB and sends a message to a MDB's queue.  after having sent the message, the security context seems to switch to JBM's. after that, a call to the SFSB remove method throws security exception.
> the EJBs run under a security domain while the JBM has its own 
> The connection to send the messages is obtained with connection.getConnection(), therefore the unauthenticated principal (set in login-conf.xml) is used to access the queues.
> this is the pseudo code of the SLSB:
> 1. SFSB sfsb = SFSBHome.create();
> ....
> 2. send message to the MDB queue;
> ....
> 3. sfsb.remove();  <--- here SecurityException - principal = null
> if I remove the call 2, everything goes fine and the SFSB is correctly removed.
> note the the message is correctly sent.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-jira mailing list