Repository: tomee Updated Branches: refs/heads/tomee-1.7.x e85aee313 -> 37e2eacf1
TOMEE-1457 avoid double security binding with webservices Project: http://git-wip-us.apache.org/repos/asf/tomee/repo Commit: http://git-wip-us.apache.org/repos/asf/tomee/commit/37e2eacf Tree: http://git-wip-us.apache.org/repos/asf/tomee/tree/37e2eacf Diff: http://git-wip-us.apache.org/repos/asf/tomee/diff/37e2eacf Branch: refs/heads/tomee-1.7.x Commit: 37e2eacf1e514d59a2bc7acabf71118924402a48 Parents: e85aee3 Author: Romain Manni-Bucau <[email protected]> Authored: Tue Nov 25 16:28:13 2014 +0100 Committer: Romain Manni-Bucau <[email protected]> Committed: Tue Nov 25 16:28:13 2014 +0100 ---------------------------------------------------------------------- .../org/apache/openejb/server/cxf/OpenEJBLoginValidator.java | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/tomee/blob/37e2eacf/server/openejb-cxf/src/main/java/org/apache/openejb/server/cxf/OpenEJBLoginValidator.java ----------------------------------------------------------------------
diff --git a/server/openejb-cxf/src/main/java/org/apache/openejb/server/cxf/OpenEJBLoginValidator.java b/server/openejb-cxf/src/main/java/org/apache/openejb/server/cxf/OpenEJBLoginValidator.java
index 9607377..d09421f 100644
--- a/server/openejb-cxf/src/main/java/org/apache/openejb/server/cxf/OpenEJBLoginValidator.java
+++ b/server/openejb-cxf/src/main/java/org/apache/openejb/server/cxf/OpenEJBLoginValidator.java
@@ -16,6 +16,7 @@
 */
 package org.apache.openejb.server.cxf;
+import org.apache.openejb.core.security.AbstractSecurityService;
 import org.apache.openejb.loader.SystemInstance;
 import org.apache.openejb.spi.SecurityService;
 import org.apache.ws.security.WSPasswordCallback;
@@ -54,7 +55,9 @@ public class OpenEJBLoginValidator extends UsernameTokenValidator {
 securityService.disassociate();
 token = securityService.login(user, password);
- securityService.associate(token);
+ if (AbstractSecurityService.class.isInstance(securityService) && AbstractSecurityService.class.cast(securityService).currentState() == null) {
+ securityService.associate(token);
+ }
 } catch (final LoginException e) {
 throw new SecurityException("cannot log user " + user, e);
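Review bot: The new guard around `securityService.associate(token)` is false for every `SecurityService` that is not an `AbstractSecurityService`, so with a custom implementation the identity just authenticated by `login(user, password)` is never bound to the thread, whereas before this change it always was. If the intent is only to skip a second binding when the built-in service already holds a state, the condition should still associate for other implementations: `if (!AbstractSecurityService.class.isInstance(securityService) || AbstractSecurityService.class.cast(securityService).currentState() == null) {`. When the branch is skipped because a state is already present, nothing in the hunk shows that this state belongs to `user`, so a short comment naming what sets it between `disassociate()` and this check would let a reader confirm the request runs under the validated identity. The enclosing method starts and ends outside the hunk.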
