[jboss-jira] [JBoss JIRA] (WFLY-96) ejb-security-interceptors quickstart has several issues
Jason Greene (JIRA)
jira-events at lists.jboss.org
Tue Apr 23 18:33:57 EDT 2013
[ https://issues.jboss.org/browse/WFLY-96?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jason Greene updated WFLY-96:
-----------------------------
Assignee: Darran Lofthouse (was: Ondrej Zizka)
> ejb-security-interceptors quickstart has several issues
> -------------------------------------------------------
>
> Key: WFLY-96
> URL: https://issues.jboss.org/browse/WFLY-96
> Project: WildFly
> Issue Type: Bug
> Components: EJB
> Reporter: Josef Cacek
> Assignee: Darran Lofthouse
> Fix For: 8.0.0.Alpha1
>
>
> The ejb-security-interceptors quickstarts should be improved a little bit:
> * root element of the {{jboss-ejb3.xml}} deployment descriptor should be {{<ejb-jar>}} (c.f. AS7-6452)
> * DelegationLoginModule doesn't need the callbackHandler member variable, the parent class holds it ({{AbstractServerLoginModule}})
> * possible {{EJBException}} from the {{invocationContext.proceed()}} call is not correctly propagated in the {{ServerSecurityInterceptor}}
> The correct part of ServerSecurityInterceptor code should look like:
> {code}
> try {
>     if (desiredUser != null && connectionUser != null
>             && (desiredUser.getName().equals(connectionUser.getName()) == false)) {
>         // The final part of this check is to verify that the change does actually indicate a change in user.
>         try {
>             // We have been requested to switch user and have successfully identified the user from the connection
>             // so now we attempt the switch.
>             cachedSecurityContext = SecurityActions.securityContextSetPrincipalInfo(desiredUser,
>                     new OuterUserCredential(connectionUser));
>             // keep track that we switched the security context
>             contextSet = true;
>             SecurityActions.remotingContextClear();
>         } catch (Exception e) {
>             logger.error("Failed to switch security context for user", e);
>             // Don't propagate the exception stacktrace back to the client for security reasons
>             throw new EJBAccessException("Unable to attempt switching of user.");
>         }
>     }
>     return invocationContext.proceed();
> } finally {
>     // switch back to original security context
>     if (contextSet) {
>         SecurityActions.securityContextSet(cachedSecurityContext);
>     }
> }
> {code}