[jboss-jira] [JBoss JIRA] Created: (EJBTHREE-1601) Introduce check for RunAs to bypass authentication
Anil Saldhana (JIRA)
jira-events at lists.jboss.org
Tue Nov 25 14:26:36 EST 2008
Introduce check for RunAs to bypass authentication
--------------------------------------------------
Key: EJBTHREE-1601
URL: https://jira.jboss.org/jira/browse/EJBTHREE-1601
Project: EJB 3.0
Issue Type: Bug
Components: Security
Affects Versions: 1.0.0-Beta8
Reporter: Anil Saldhana
Assignee: Anil Saldhana
Fix For: 1.0.0-Beta9
If a call comes to a container with an incoming RunAS, then the Java EE spec defines a role based approach. The authentication mechanism needs to be bypassed.
Currently, the Identity Trust Framework (with its JavaEETrustModule) takes care of incoming run as but the ITF may not be enabled by default and may not be configured for all security domains.
Hence bring back the explicit check for run-as in authentication interceptor.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list