Details
-
Bug
-
Resolution: Obsolete
-
Major
-
JBossAS-5.0.0.Beta2
-
None
-
Medium
Description
Currently, the StatelessInstanceInterceptor is doing
ctx.setSecurityContext(mi.getSecurityContext());
which leads to an error in the audit log (Note: CLIENT_PROXY) as:
--------------------------------------------
2007-12-09 08:06:25,734 TRACE [org.jboss.security.audit.providers.LogAuditProvid
er] (WorkerThread#0[127.0.0.1:1180] [Error]roleRefPermissionCheck=true;authori
zationManager=[AuthorizationManager:class=org.jboss.security.plugins.JBossAuthor
izationManager:CLIENT_PROXY:];roleName=InternalRole;Resource:=[org.jboss.securit
y.authorization.resources.EJBResource:contextMap=
:method=null:ejbMetho
dInterface=null:ejbName=Entity:ejbPrincipal=scott:methodRoles=null:securityRoleR
eferences=[]];Source=org.jboss.security.integration.ejb.EJBAuthorizationHelper;E
xception:=Authorization Failed: ;
------------------------------------------------------------
what needs to be done is:
ctx.setSecurityContext(SecurityActions.getSecurityContext());
For StatefulInstanceInterceptor which gets invoked before SecurityInterceptor, create a new sec ctx based on the container settings.