[jboss-jira] [JBoss JIRA] Assigned: (JBAS-7405) use-caller-identity should be default if no explicit security-identity is set in
Alexey Loubyansky (JIRA)
jira-events at lists.jboss.org
Wed Oct 28 06:41:17 EDT 2009
[ https://jira.jboss.org/jira/browse/JBAS-7405?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Alexey Loubyansky reassigned JBAS-7405:
---------------------------------------
Assignee: Anil Saldhana (was: Alexey Loubyansky)
Anil, could you please look into this?
> use-caller-identity should be default if no explicit security-identity is set in
> ---------------------------------------------------------------------------------
>
> Key: JBAS-7405
> URL: https://jira.jboss.org/jira/browse/JBAS-7405
> Project: JBoss Application Server
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: EJB2
> Affects Versions: JBossAS-5.1.0.GA
> Reporter: Sverker Abrahamsson
> Assignee: Anil Saldhana
>
> According to
> http://www.redhat.com/docs/manuals/jboss/jboss-eap-4.2/doc/Server_Configuration_Guide/J2EE_Declarative_Security_Overview-Security_Identity.html if no explicit security-identity is set in ejb-jar on a bean, then propagation of the caller identity should be the default.
> That is not currently the case, if no security-identity is set then useCallerIdentity remains false. I believe the bug is in org.jboss.ejb.plugins.SecurityInterceptor#setContainer and that adding the follwing at line 160 (on the JBossAS 5.1.0.GA version) should solve the problem:
> if (secMetaData == null)
> this.isUseCallerIdentity = true;
> Could be that this bug was introduced with the fix for JBAS-5011, for some reason I can't get fisheye to work right now to check it out.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list