[jboss-jira] [JBoss JIRA] Created: (JBAS-7550) AuthenticationInterceptor overwrites the existing SecurityContext

[martin walla (JIRA)]

AuthenticationInterceptor overwrites the existing SecurityContext
-----------------------------------------------------------------

                 Key: JBAS-7550
                 URL: https://jira.jboss.org/jira/browse/JBAS-7550
             Project: JBoss Application Server
          Issue Type: Bug
      Security Level: Public (Everyone can see)
          Components: Security
    Affects Versions: JBossAS-5.1.0.GA
         Environment: Windows XP, JBoss 5.1.0.GA, JDK 1.6.0_16
            Reporter: martin walla
            Assignee: Anil Saldhana


The class org.jboss.jmx.connector.invoker.AuthenticationInterceptor has a bug.

In the file deploy/jmx-invoker-service.xml i had enabled the "commented out" AuthenticationInterceptor on the definition of the
org.jboss.jmx.connector.invoker.InvokerAdaptorService  MBean.

If the current Thread has a Principal (SecurityAssociation.getPrincipal()) then before the AuthenticationInterceptor the Principal is returned.
After the AuthenticationInterceptor NULL is returned.

Problem is similar to the bug JBAS-6449 where the problem was in the org.jboss.jmx.connector.invoker.InvokerAdaptorService.

The AuthenticationInterceptor sets the SecurityContext in line 94-95, but didn't save the current one to restore it afterwards.
            SecurityContext sc = SecurityActions.createSecurityContext(securityDomain);
            SecurityActions.setSecurityContext(sc);


-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira