Uploaded image for project: 'Application Server 3 4 5 and 6'
  1. Application Server 3 4 5 and 6
  2. JBAS-6449

InvokerAdaptorService overwrites existing SecurityContext and clears it after invocation

    XMLWordPrintable

Details

    Description

      The InvokerAdaptorService always creates a new SecurityContext even if there is already one created by components called earlier in invocation stack. After invoking the desired MBean method the SecurityContext will be cleared with a call to: SecurityActions.clearSecurityContext();
      This leads to several problems:
      In our project we have a secured EJB (annotated with @SecurityDomain) which is calling an MBean Service and a local (secured) EJB. After the invocation of the mbean there is no security context anymore which leads to an IllegalStateException "Security Context has not been set" thrown by RoleBasedAuthorizationInterceptorv2) when we try to call the local EJB.
      Following steps are possible to fix the problem:
      1. call to SecurityActions.getSecurityContext();
      2. if there is currently no SecurityContext create a new one and set it.
      3. if there already is a SecurityContext set, do nothing.
      4. call the mbean method.
      5. only if we created the SecurityContext, we should clear it with SecurityActions.clearSecurityContext(), otherwise, do nothing.

      Attachments

        Issue Links

          blocks

          Bug - A problem that impairs or prevents the functions of the product. JBAS-6443 org.jboss.ejb3.security.SecurityActions thows NPE

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Bug - A problem that impairs or prevents the functions of the product. JBPAPP-2479 InvokerAdaptorService overwrites existing SecurityContext and clears it after invocation

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Activity

            People

              anil.saldhana Anil Saldanha (Inactive)
              Michael_Gronau Michael Gronau (Inactive)
              Votes:
              3 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: