Uploaded image for project: 'Application Server 7'
  1. Application Server 7
  2. AS7-4689

SimpleSecurityManager and JBossCachedAuthenticationManager do not work together correctly when calling remote ejb

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Won't Do
    • Icon: Major Major
    • None
    • 7.1.1.Final
    • EJB
    • Hide

      We have custom login modules. One for the remoting connection ('jas-remote" and one for the ejb's ('jas'):
      <security-realm name="ApplicationRealm">
      <authentication>
      <jaas name="jas-remote"/>
      </authentication>
      </security-realm>

      <security-domain cache-type="default" name="jas-remote">
      <authentication>
      <login-module code="com.os.ee.security.jboss.JBoss7RemotingLoginModule" flag="optional"/>
      </authentication>
      </security-domain>
      <security-domain cache-type="default" name="jas">
      <authentication>
      <login-module code="com.os.ee.security.jboss.JBoss7ServerLoginModule" flag="required"/>
      </authentication>
      </security-domain>

      Show
      We have custom login modules. One for the remoting connection ('jas-remote" and one for the ejb's ('jas'): <security-realm name="ApplicationRealm"> <authentication> <jaas name="jas-remote"/> </authentication> </security-realm> <security-domain cache-type="default" name="jas-remote"> <authentication> <login-module code="com.os.ee.security.jboss.JBoss7RemotingLoginModule" flag="optional"/> </authentication> </security-domain> <security-domain cache-type="default" name="jas"> <authentication> <login-module code="com.os.ee.security.jboss.JBoss7ServerLoginModule" flag="required"/> </authentication> </security-domain>

      the method SimpleSecurityManager.push(...) is called for every ejb call and here for every call a new instance of SimplePrincipal is created for the SubjectInfo. Then the method authenticate() is called. Here it delegates to the JBossCachedAuthenticationManager which tries to find an already cached principal, but this cannot work, because the get() function of the cache returns null. It returns null, because of the newly created SimplePrincipal for the current invocation.

            jaikiran Jaikiran Pai (Inactive)
            Michael_Gronau Michael Gronau (Inactive)
            Votes:
            1 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved: