Application Server 3 4 5 and 6 / JBAS-7550

AuthenticationInterceptor overwrites the existing SecurityContext


Details

    Description

      The class org.jboss.jmx.connector.invoker.AuthenticationInterceptor has a bug.

      In the file deploy/jmx-invoker-service.xml I had enabled the "commented out" AuthenticationInterceptor on the definition of the
      org.jboss.jmx.connector.invoker.InvokerAdaptorService MBean.

      If the current Thread has a Principal (SecurityAssociation.getPrincipal()) then before the AuthenticationInterceptor the Principal is returned.
      After the AuthenticationInterceptor NULL is returned.

      The problem is similar to bug JBAS-6449, where the problem was in org.jboss.jmx.connector.invoker.InvokerAdaptorService.

      The AuthenticationInterceptor sets the SecurityContext in lines 94-95, but doesn't save the current one to restore it afterwards:

          SecurityContext sc = SecurityActions.createSecurityContext(securityDomain);
          SecurityActions.setSecurityContext(sc);
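
The save-and-restore pattern the report asks for, as an added example that is not part of the original report and is not JBoss code. `SecurityContextRestoreDemo`, its `SecurityContext` record, the `CURRENT` thread-local and the domain and principal strings are constructed stand-ins for the thread-associated context, assumed here only to make the behaviour runnable (Java 16 or later).

```java
import java.util.function.Supplier;

// Constructed model: these are NOT the JBoss classes, only a thread-local stand-in for them.
public class SecurityContextRestoreDemo {
    record SecurityContext(String domain, String principal) {}

    static final ThreadLocal<SecurityContext> CURRENT = new ThreadLocal<>();

    // Behaviour described in the report: the caller's context is replaced and never put back.
    static <T> T invokeOverwriting(String securityDomain, Supplier<T> next) {
        CURRENT.set(new SecurityContext(securityDomain, null));
        return next.get();
    }

    // Save the caller's context first and restore it in finally, so it also
    // survives an exception thrown by authentication or by the next interceptor.
    static <T> T invokeRestoring(String securityDomain, Supplier<T> next) {
        SecurityContext previous = CURRENT.get();
        try {
            CURRENT.set(new SecurityContext(securityDomain, null));
            return next.get();
        } finally {
            if (previous == null) CURRENT.remove(); else CURRENT.set(previous);
        }
    }

    static String principal() {
        SecurityContext sc = CURRENT.get();
        return sc == null ? null : sc.principal();
    }

    public static void main(String[] args) {
        CURRENT.set(new SecurityContext("caller-domain", "alice")); // constructed sample values
        invokeOverwriting("example-domain", () -> "ok");
        System.out.println("after overwriting interceptor: " + principal());

        CURRENT.set(new SecurityContext("caller-domain", "alice"));
        invokeRestoring("example-domain", () -> "ok");
        System.out.println("after restoring interceptor:   " + principal());

        try {
            invokeRestoring("example-domain", () -> { throw new SecurityException("login failed"); });
        } catch (SecurityException e) {
            System.out.println("after failed invocation:       " + principal());
        }
    }
}
```

The `finally` block matters as much as the save: without it, a failed authentication would leave the thread carrying the interceptor's context instead of the caller's.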

          People

            anil.saldhana Anil Saldanha (Inactive)
            mardinator martin walla (Inactive)