[jboss-jira] [JBoss JIRA] (AS7-6453) ejb-security-interceptors quickstart has several issues

Josef Cacek (JIRA) jira-events at lists.jboss.org
Tue Feb 5 09:25:51 EST 2013


    [ https://issues.jboss.org/browse/AS7-6453?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12752326#comment-12752326 ] 

Josef Cacek commented on AS7-6453:
----------------------------------

OK, Darran, I'll send PR with my changes.
                
> ejb-security-interceptors quickstart has several issues
> -------------------------------------------------------
>
>                 Key: AS7-6453
>                 URL: https://issues.jboss.org/browse/AS7-6453
>             Project: Application Server 7
>          Issue Type: Bug
>          Components: EJB
>            Reporter: Josef Cacek
>            Assignee: Darran Lofthouse
>
> The ejb-security-interceptors quickstarts should be improved a little bit:
>  * root element of the {{jboss-ejb3.xml}} deployment descriptor should be {{<ejb-jar>}} (cf. AS7-6452)
>  * DelegationLoginModule doesn't need the callbackHandler member variable, the parent class holds it ({{AbstractServerLoginModule}})
>  * possible {{EJBException}} from the {{invocationContext.proceed()}} call is not correctly propagated in the {{ServerSecurityInterceptor}}
> The correct part of ServerSecurityInterceptor code should look like:
> {code}
> try {
>     if (desiredUser != null && connectionUser != null
>             && (desiredUser.getName().equals(connectionUser.getName()) == false)) {
>         // The final part of this check is to verify that the change does actually indicate a change in user.
>         try {
>             // We have been requested to switch user and have successfully identified the user from the connection
>             // so now we attempt the switch.
>             cachedSecurityContext = SecurityActions.securityContextSetPrincipalInfo(desiredUser,
>                     new OuterUserCredential(connectionUser));
>             // keep track that we switched the security context
>             contextSet = true;
>             SecurityActions.remotingContextClear();
>         } catch (Exception e) {
>             logger.error("Failed to switch security context for user", e);
>             // Don't propagate the exception stacktrace back to the client for security reasons
>             throw new EJBAccessException("Unable to attempt switching of user.");
>         }
>     }
>     return invocationContext.proceed();
> } finally {
>     // switch back to original security context
>     if (contextSet) {
>         SecurityActions.securityContextSet(cachedSecurityContext);
>     }
> }
> {code}

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
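As an added illustration (not code from the quickstart or from Josef's PR), the following self-contained Java program models the control flow of the corrected interceptor snippet quoted above: an exception raised while switching user is reported to the caller only as a generic EJBAccessException, an EJBException thrown by the bean passes through unchanged, and the cached security context is restored in both cases. SecurityActions, the invocation context and the EJB exception types are replaced by hypothetical stand-ins so it compiles on its own.

```java
// Added example, not code from the quickstart: a self-contained model of the
// corrected ServerSecurityInterceptor control flow. SecurityActions, the
// invocation context and the EJB exception types are hypothetical stand-ins.
import java.util.concurrent.Callable;
import java.util.function.Supplier;

public class InterceptorFlowDemo {
    static String currentContext = "connection-user"; // stand-in for the thread's security context
    static class EJBException extends RuntimeException { EJBException(String m) { super(m); } }
    static class EJBAccessException extends RuntimeException { EJBAccessException(String m) { super(m); } }

    // switcher installs the desired user and returns the previous context (may throw);
    // proceed is the rest of the invocation chain (may throw EJBException).
    static Object invoke(boolean switchRequested, Supplier<String> switcher,
                         Callable<Object> proceed) throws Exception {
        String cachedContext = null;
        boolean contextSet = false;
        try {
            if (switchRequested) {
                try {
                    cachedContext = switcher.get();
                    contextSet = true; // only now do we owe a restore
                } catch (Exception e) {
                    // log e on the server; the client only sees a generic message, no cause
                    throw new EJBAccessException("Unable to attempt switching of user.");
                }
            }
            // inside try: an EJBException from the bean passes through unchanged and finally still restores
            return proceed.call();
        } finally {
            if (contextSet) {
                currentContext = cachedContext;
            }
        }
    }

    public static void main(String[] args) throws Exception {
        Supplier<String> okSwitch = () -> { String prev = currentContext; currentContext = "desired-user"; return prev; };
        try { // bean fails: EJBException propagates, context is restored
            invoke(true, okSwitch, () -> { throw new EJBException("bean failed"); });
        } catch (EJBException e) {
            System.out.println("propagated: " + e.getMessage() + ", context=" + currentContext);
        }
        try { // switch fails: internal cause is not leaked, bean never runs
            invoke(true, () -> { throw new IllegalStateException("internal detail"); }, () -> "unreachable");
        } catch (EJBAccessException e) {
            System.out.println(e.getMessage() + " cause=" + e.getCause());
        }
    }
}
```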

