[jboss-jira] [JBoss JIRA] Closed: (EJBTHREE-1601) Introduce check for RunAs to bypass authentication

Anil Saldhana (JIRA) jira-events at lists.jboss.org
Tue Nov 25 14:28:36 EST 2008


     [ https://jira.jboss.org/jira/browse/EJBTHREE-1601?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Anil Saldhana closed EJBTHREE-1601.
-----------------------------------

    Resolution: Done


> Introduce check for RunAs to bypass authentication
> --------------------------------------------------
>
>                 Key: EJBTHREE-1601
>                 URL: https://jira.jboss.org/jira/browse/EJBTHREE-1601
>             Project: EJB 3.0
>          Issue Type: Bug
>          Components: Security
>    Affects Versions: 1.0.0-Beta8
>            Reporter: Anil Saldhana
>            Assignee: Anil Saldhana
>             Fix For: 1.0.0-Beta9
>
>
> If a call comes to a container with an incoming RunAs, then the Java EE spec defines a role-based approach. The authentication mechanism needs to be bypassed.
> Currently, the Identity Trust Framework (with its JavaEETrustModule) takes care of incoming run-as, but the ITF may not be enabled by default and may not be configured for all security domains.
> Hence bring back the explicit check for run-as in the authentication interceptor.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        


