tomee git commit: TOMEE-1457 avoid double security binding with webservices

Tue, 25 Nov 2014 07:29:03 -0800 

Repository: tomee
Updated Branches:
  refs/heads/develop 779694945 -> 0eaf73412


TOMEE-1457 avoid double security binding with webservices


Project: http://git-wip-us.apache.org/repos/asf/tomee/repo
Commit: http://git-wip-us.apache.org/repos/asf/tomee/commit/0eaf7341
Tree: http://git-wip-us.apache.org/repos/asf/tomee/tree/0eaf7341
Diff: http://git-wip-us.apache.org/repos/asf/tomee/diff/0eaf7341

Branch: refs/heads/develop
Commit: 0eaf7341268cd3a3f422b82bd5628c0c175fc333
Parents: 7796949
Author: Romain Manni-Bucau <[email protected]>
Authored: Tue Nov 25 16:27:55 2014 +0100
Committer: Romain Manni-Bucau <[email protected]>
Committed: Tue Nov 25 16:27:55 2014 +0100

----------------------------------------------------------------------
 .../org/apache/openejb/server/cxf/OpenEJBLoginValidator.java    | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/tomee/blob/0eaf7341/server/openejb-cxf/src/main/java/org/apache/openejb/server/cxf/OpenEJBLoginValidator.java
----------------------------------------------------------------------
diff --git 
a/server/openejb-cxf/src/main/java/org/apache/openejb/server/cxf/OpenEJBLoginValidator.java
 
b/server/openejb-cxf/src/main/java/org/apache/openejb/server/cxf/OpenEJBLoginValidator.java
index c8c953b..fd7a518 100644
--- 
a/server/openejb-cxf/src/main/java/org/apache/openejb/server/cxf/OpenEJBLoginValidator.java
+++ 
b/server/openejb-cxf/src/main/java/org/apache/openejb/server/cxf/OpenEJBLoginValidator.java
@@ -16,6 +16,7 @@
  */
 package org.apache.openejb.server.cxf;
 
+import org.apache.openejb.core.security.AbstractSecurityService;
 import org.apache.openejb.loader.SystemInstance;
 import org.apache.openejb.spi.SecurityService;
 import org.apache.wss4j.common.ext.WSPasswordCallback;
@@ -51,7 +52,9 @@ public class OpenEJBLoginValidator extends 
UsernameTokenValidator {
             securityService.disassociate();
 
             token = securityService.login(user, password);
-            securityService.associate(token);
+            if (AbstractSecurityService.class.isInstance(securityService) && 
AbstractSecurityService.class.cast(securityService).currentState() == null) {
+                securityService.associate(token);
+            }
 
         } catch (LoginException e) {
             throw new SecurityException("cannot log user " + user, e);

Reply via email to