[jboss-user] [Security & JAAS/JBoss] - Re: need advice

info@connext.co.za do-not-reply at jboss.com
Wed Sep 13 16:49:59 EDT 2006


Good Day,

The SecurityAssociation is used by the ClientLoginModule to stuff the Principal and Credentials into the calling thread's context so that this can be authenticated by the security interceptors before an EJB call is processed.

Is a SecurityException being thrown because the ClientLoginModule makes use of PrivilegedAction implemented in the internal class SecurityAssociationActions?

Try changing the Java security policy for the code to all or use a PrivilegedAction.


  |    /**
  |     * Set the current principal information. If a security manager is present,
  |     * then this method calls the security manager's <code>checkPermission</code>
  |     * method with a <code> RuntimePermission("org.jboss.security.SecurityAssociation.setPrincipalInfo")
  |     * </code> permission to ensure it's ok to access principal information. If
  |     * not, a <code>SecurityException</code> will be thrown.
  |     * @param principal - the current principal identity.
  |     */
  |    public static void setPrincipal(Principal principal)
  |    {
  |       SecurityManager sm = System.getSecurityManager();
  |       if (sm != null)
  |          sm.checkPermission(setPrincipalInfoPermission);
  | 
  |       if (trace)
  |          log.trace("setPrincipal, p=" + principal + ", server=" + server);
  |       if (server)
  |       {
  |          threadPrincipal.set(principal);
  |       }
  |       else
  |          SecurityAssociation.principal = principal;
  |       // Integrate with the new SubjectContext 
  |       SubjectContext sc = threadSubjectStacks.peek();
  |       if( sc == null )
  |       {
  |          // There is no active security context
  |          sc = new SubjectContext();
  |          threadSubjectStacks.push(sc);
  |       }
  |       else if( (sc.getFlags() & SubjectContext.PRINCIPAL_WAS_SET) != 0 )
  |       {
  |          // The current security context has its principal set
  |          sc = new SubjectContext();
  |          threadSubjectStacks.push(sc);    
  |       }
  |       sc.setPrincipal(principal);
  |       if (trace)
  |          log.trace("setPrincipal, sc="+sc);
  |    }
  | 

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3971393#3971393
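
One way to apply the PrivilegedAction suggestion with a narrower policy grant than "all", as an added example that is not part of the original post and is not JBoss's own code. The class name ClientIdentity, its set method and the codeBase path in the comment are assumptions; it needs the JBoss security classes on the classpath and a JVM that runs with a SecurityManager.

```java
import java.security.AccessController;
import java.security.Principal;
import java.security.PrivilegedAction;

import org.jboss.security.SecurityAssociation;
import org.jboss.security.SimplePrincipal;

/*
 * Policy entry this class relies on (codeBase is a placeholder path).
 * It grants only the permission named in the setPrincipal javadoc,
 * instead of java.security.AllPermission:
 *
 *   grant codeBase "file:/path/to/client-identity.jar" {
 *     permission java.lang.RuntimePermission
 *       "org.jboss.security.SecurityAssociation.setPrincipalInfo";
 *   };
 */
final class ClientIdentity {   // hypothetical helper, not a JBoss class

    private ClientIdentity() {}

    /*
     * Package-private on purpose: doPrivileged stops the permission check
     * at this class, so every caller that can reach this method can set
     * the thread's identity without holding the permission itself.
     */
    static void set(final String user, final char[] password) {
        if (user == null || password == null)
            throw new IllegalArgumentException("user and password are required");

        final Principal principal = new SimplePrincipal(user);

        // doPrivileged does not grant anything by itself. This class's own
        // protection domain must still hold the RuntimePermission above,
        // otherwise checkPermission throws SecurityException as before.
        AccessController.doPrivileged(new PrivilegedAction<Void>() {
            public Void run() {
                SecurityAssociation.setPrincipal(principal);
                SecurityAssociation.setCredential(password);
                return null;
            }
        });
    }
}
```

Packaging this helper in its own jar keeps the grant limited to that codeBase, so the rest of the application does not need the permission.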
