In the "jaas - commit()" thread I mentioned dropping the current check
for security credentials associated with the current thread and always using
the method invocation security credentials:

    Principal principal = mi.getPrincipal();
    Object credential = mi.getCredential();
    if (principal == null || !securityManager.isValid( principal, credential ))
    {
        // should log illegal access
        throw new RemoteException("checkSecurityAssociation",
            new SecurityException("Authentication exception"));
    }
    else
    {
        SecurityAssociation.setPrincipal( principal );
        SecurityAssociation.setCredential( credential );
    }

I have tested this for the current scenarios under which security is not being
enforced correctly and this works. Can anyone comment on why the check of
the thread security association was added?
