[jboss-jira] [JBoss JIRA] (AS7-6453) ejb-security-interceptors quickstart has several issues

Josef Cacek (JIRA) jira-events at lists.jboss.org
Tue Feb 5 09:09:51 EST 2013


Josef Cacek created AS7-6453:
--------------------------------

             Summary: ejb-security-interceptors quickstart has several issues
                 Key: AS7-6453
                 URL: https://issues.jboss.org/browse/AS7-6453
             Project: Application Server 7
          Issue Type: Bug
          Components: EJB
            Reporter: Josef Cacek
            Assignee: Darran Lofthouse


The ejb-security-interceptors quickstarts should be improved a little bit:
 * root element of the {{jboss-ejb3.xml}} deployment descriptor should be {{<ejb-jar>}} (cf. AS7-6452)
 * DelegationLoginModule doesn't need the callbackHandler member variable, the parent class holds it ({{AbstractServerLoginModule}})
 * possible {{EJBException}} from the {{invocationContext.proceed()}} call is not correctly propagated in the {{ServerSecurityInterceptor}}

The correct part of ServerSecurityInterceptor code should look like:
{code}
try {
    if (desiredUser != null && connectionUser != null
            && (desiredUser.getName().equals(connectionUser.getName()) == false)) {
        // The final part of this check is to verify that the change does actually indicate a change in user.
        try {
            // We have been requested to switch user and have successfully identified the user from the connection
            // so now we attempt the switch.
            cachedSecurityContext = SecurityActions.securityContextSetPrincipalInfo(desiredUser,
                    new OuterUserCredential(connectionUser));
            // keep track that we switched the security context
            contextSet = true;
            SecurityActions.remotingContextClear();
        } catch (Exception e) {
            logger.error("Failed to switch security context for user", e);
            // Don't propagate the exception stacktrace back to the client for security reasons
            throw new EJBAccessException("Unable to attempt switching of user.");
        }
    }

    return invocationContext.proceed();
} finally {
    // switch back to original security context
    if (contextSet) {
        SecurityActions.securityContextSet(cachedSecurityContext);
    }
}
{code}
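To make the third point concrete, here is a small stand-alone illustration, added to this page and not part of the ticket, the quickstart or the AS7 code base. It contrasts a constructed "before" shape, in which proceed() sits inside the block that guards the user switch, with the shape proposed above, where only the switch is guarded. The EJBException/EJBAccessException classes, the thread-local CONTEXT, switchContext() and the "blocked" user are hypothetical stand-ins for javax.ejb types, the server security context and SecurityActions.securityContextSetPrincipalInfo(); they exist only so the example compiles and runs against a bare JDK.

```java
import java.security.Principal;
import java.util.concurrent.Callable;

public class InterceptorPropagationDemo {

    // Stand-ins for javax.ejb.EJBException and EJBAccessException (constructed for this example).
    static class EJBException extends RuntimeException {
        EJBException(String message) { super(message); }
    }
    static class EJBAccessException extends EJBException {
        EJBAccessException(String message) { super(message); }
    }

    // Hypothetical stand-in for the server security context: one principal per thread.
    static final ThreadLocal<Principal> CONTEXT = new ThreadLocal<>();

    static Principal principal(String name) {
        return () -> name; // Principal has a single abstract method, getName()
    }

    // Stand-in for SecurityActions.securityContextSetPrincipalInfo(): installs the desired
    // principal and returns the previous one. The user "blocked" simulates a failing switch.
    static Principal switchContext(Principal desired) {
        if ("blocked".equals(desired.getName())) {
            throw new IllegalStateException("simulated failure while switching user");
        }
        Principal previous = CONTEXT.get();
        CONTEXT.set(desired);
        return previous;
    }

    // Constructed "before" shape showing the symptom from the ticket: proceed() runs inside the
    // block that guards the switch, so an EJBException thrown by the bean is caught and relabelled
    // as a switch failure and the caller never sees the bean's own exception.
    static Object brokenInvoke(Principal desiredUser, Principal connectionUser,
                               Callable<Object> proceed) throws Exception {
        Principal cached = null;
        boolean contextSet = false;
        try {
            if (desiredUser != null && connectionUser != null
                    && !desiredUser.getName().equals(connectionUser.getName())) {
                try {
                    cached = switchContext(desiredUser);
                    contextSet = true;
                    return proceed.call();
                } catch (Exception e) {
                    throw new EJBAccessException("Unable to attempt switching of user.");
                }
            }
            return proceed.call();
        } finally {
            if (contextSet) CONTEXT.set(cached); // restore the original context
        }
    }

    // The shape proposed in the ticket: only the switch is guarded, proceed() sits outside the
    // inner try, so its EJBException reaches the caller untouched while finally still restores
    // the original context. A switch failure is logged server-side (omitted here) and surfaces
    // as a generic EJBAccessException with no cause attached, so no stack trace leaks to the client.
    static Object fixedInvoke(Principal desiredUser, Principal connectionUser,
                              Callable<Object> proceed) throws Exception {
        Principal cached = null;
        boolean contextSet = false;
        try {
            if (desiredUser != null && connectionUser != null
                    && !desiredUser.getName().equals(connectionUser.getName())) {
                try {
                    cached = switchContext(desiredUser);
                    contextSet = true;
                } catch (Exception e) {
                    throw new EJBAccessException("Unable to attempt switching of user.");
                }
            }
            return proceed.call();
        } finally {
            if (contextSet) CONTEXT.set(cached); // restore the original context
        }
    }

    public static void main(String[] args) throws Exception {
        Principal conn = principal("alice");
        Principal target = principal("bob");
        CONTEXT.set(conn);
        Callable<Object> failingBean = () -> { throw new EJBException("bean failed"); };

        // Broken form: the bean's EJBException comes back as a misleading EJBAccessException.
        try { brokenInvoke(target, conn, failingBean); }
        catch (EJBException e) { System.out.println("broken: " + e.getClass().getSimpleName() + " - " + e.getMessage()); }

        // Fixed form: the bean's own EJBException is what the caller sees.
        try { fixedInvoke(target, conn, failingBean); }
        catch (EJBException e) { System.out.println("fixed:  " + e.getClass().getSimpleName() + " - " + e.getMessage()); }

        // In both cases the finally block has put the connection user back.
        System.out.println("context restored to " + CONTEXT.get().getName());

        // A genuine switch failure still yields the generic EJBAccessException without its cause.
        try { fixedInvoke(principal("blocked"), conn, () -> "unreachable"); }
        catch (EJBAccessException e) { System.out.println("switch failure: " + e.getMessage() + ", cause=" + e.getCause()); }
    }
}
```

Compile and run with `javac InterceptorPropagationDemo.java && java InterceptorPropagationDemo`. The first line prints an EJBAccessException for a plain bean failure, the second prints the bean's EJBException with its original message, and the last shows that a real switch failure is still reported only by its generic message.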

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
