[jboss-jira] [JBoss JIRA] Created: (JBAS-6243) EJB2: Reintroduce explicit run as check before authentication
Anil Saldhana (JIRA)
jira-events at lists.jboss.org
Tue Nov 25 14:32:36 EST 2008
EJB2: Reintroduce explicit run as check before authentication
--------------------------------------------------------------
Key: JBAS-6243
URL: https://jira.jboss.org/jira/browse/JBAS-6243
Project: JBoss Application Server
Issue Type: Bug
Security Level: Public (Everyone can see)
Affects Versions: JBossAS-5.0.0.CR2
Reporter: Anil Saldhana
Assignee: Anil Saldhana
Priority: Critical
Fix For: JBossAS-5.0.0.GA
Long ago I moved the checks for RunAs semantics to the Identity Trust Framework. But ITF can be an overhead and can be disabled by default by the user. The Java EE spec behavior is to bypass authentication and validate the incoming run as in the authorization zone. This explicit check needs to be reintroduced in the security interceptor.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
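
The check order the report describes, as an added example that is not JBoss AS code and not from the reporter: a simplified model of a security interceptor that looks for an incoming run-as identity before authenticating, then still validates that identity's roles during authorization. All class, method, user and role names are hypothetical and the data is constructed; it assumes Java 16+ for records.

```java
import java.util.*;

// Simplified model of the interceptor logic; names are hypothetical, not JBoss AS APIs.
public class RunAsCheckDemo {
    // incomingRunAsRoles stands for the run-as identity propagated by a calling bean.
    // In a container it comes from the server-side security context, never from client input.
    record Invocation(String method, Set<String> incomingRunAsRoles, String user, String password) {}

    // Constructed sample data.
    static final Map<String, String> USERS = Map.of("alice", "s3cret");
    static final Map<String, Set<String>> USER_ROLES = Map.of("alice", Set.of("Teller"));
    static final Map<String, Set<String>> METHOD_ROLES = Map.of(
            "audit", Set.of("Auditor"),
            "deposit", Set.of("Teller"));

    static String intercept(Invocation inv) {
        Set<String> callerRoles;
        if (inv.incomingRunAsRoles() != null) {
            // Explicit run-as check first: the identity was established by the
            // calling bean's run-as declaration, so credential authentication is bypassed.
            callerRoles = inv.incomingRunAsRoles();
        } else {
            // No run-as identity: normal credential authentication applies.
            String expected = inv.user() == null ? null : USERS.get(inv.user());
            if (expected == null || !expected.equals(inv.password())) {
                return "DENIED: authentication failed";
            }
            callerRoles = USER_ROLES.getOrDefault(inv.user(), Set.of());
        }
        // Authorization zone: run-as roles are validated like any other caller's roles.
        // A method with no permission entry is denied by default.
        Set<String> required = METHOD_ROLES.getOrDefault(inv.method(), Set.of());
        if (Collections.disjoint(callerRoles, required)) {
            return "DENIED: not authorized";
        }
        return "ALLOWED";
    }

    public static void main(String[] args) {
        List<Invocation> calls = List.of(
                new Invocation("audit", Set.of("Auditor"), null, null),   // run-as, role matches
                new Invocation("deposit", Set.of("Auditor"), null, null), // run-as, role does not match
                new Invocation("deposit", null, null, null),              // no run-as, no credentials
                new Invocation("deposit", null, "alice", "s3cret"));      // ordinary authenticated call
        for (Invocation inv : calls) {
            System.out.println(inv.method() + " -> " + intercept(inv));
        }
    }
}
```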