[jboss-jira] [JBoss JIRA] Closed: (JBAS-5066) InstanceInterceptors need to set SecurityContext on EnterpriseContext from Threadlocal

Anil Saldhana (JIRA) jira-events at lists.jboss.org
Wed Jan 23 16:32:21 EST 2008 

     [ http://jira.jboss.com/jira/browse/JBAS-5066?page=all ]

Anil Saldhana closed JBAS-5066.
-------------------------------

    Resolution: Out of Date

This was fixed by removing the property "securityContext" in EnterpriseContext and the EC getting the security context from the threadlocal for programmatic sec.

> InstanceInterceptors need to set SecurityContext on EnterpriseContext from Threadlocal
> --------------------------------------------------------------------------------------
>
>                 Key: JBAS-5066
>                 URL: http://jira.jboss.com/jira/browse/JBAS-5066
>             Project: JBoss Application Server
>          Issue Type: Bug
>      Security Level: Public(Everyone can see) 
>          Components: EJB2, Security
>    Affects Versions: JBossAS-5.0.0.Beta2
>            Reporter: Anil Saldhana
>         Assigned To: Anil Saldhana
>             Fix For: JBossAS-5.0.0.Beta4
>
>
> Currently, the StatelessInstanceInterceptor is doing
> ctx.setSecurityContext(mi.getSecurityContext());
> which leads to an error in the audit log  (Note: CLIENT_PROXY) as:
> --------------------------------------------
> 2007-12-09 08:06:25,734 TRACE [org.jboss.security.audit.providers.LogAuditProvid
> er] (WorkerThread#0[127.0.0.1:1180]:) [Error]roleRefPermissionCheck=true;authori
> zationManager=[AuthorizationManager:class=org.jboss.security.plugins.JBossAuthor
> izationManager:CLIENT_PROXY:];roleName=InternalRole;Resource:=[org.jboss.securit
> y.authorization.resources.EJBResource:contextMap={roleRefPermissionCheck=true, r
> oleName=InternalRole, authorizationManager=[AuthorizationManager:class=org.jboss
> .security.plugins.JBossAuthorizationManager:CLIENT_PROXY:]}:method=null:ejbMetho
> dInterface=null:ejbName=Entity:ejbPrincipal=scott:methodRoles=null:securityRoleR
> eferences=[]];Source=org.jboss.security.integration.ejb.EJBAuthorizationHelper;E
> xception:=Authorization Failed: ;
> ------------------------------------------------------------
> what needs to be done is:
> ctx.setSecurityContext(SecurityActions.getSecurityContext());
> For StatefulInstanceInterceptor which gets invoked before SecurityInterceptor, create a new sec ctx based on the container settings.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-jira mailing list