  1. JBoss Enterprise Application Platform 4 and 5
  2. JBPAPP-11036

IIOP - Client principal is retained in subsequent invocations even if the client is not associated with the principal anymore

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Done
    • Affects Version/s: EAP_EWP 5.2.0, EAP_EWP 5.3.0.ER1
    • Fix Version/s: EAP_EWP 5.3.0.ER2
    • Component/s: IIOP
    • Labels:
      None
    • Release Notes Docs Status:
      Not Required
    • Docs QE Status:
      NEW

      Description

      Client principal is retained on the server in SecurityAssociation in subsequent invocations even if the calling client is not associated with the principal anymore. This allows a client to execute code which he should not be allowed to execute.

              People

              • Assignee:
                dpospisil Dominik Pospisil
                Reporter:
                dpospisil Dominik Pospisil
              • Votes:
                0
                Watchers:
                3