There are many testcases for security in the jbosstest unit tests and 2.4.3 works fine. Look at those and if you think you really have a bug post an example to sourceforge.
xxxxxxxxxxxxxxxxxxxxxxxx Scott Stark Chief Technology Officer JBoss Group, LLC xxxxxxxxxxxxxxxxxxxxxxxx ----- Original Message ----- From: "Joel Shellman" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, October 17, 2001 10:35 PM Subject: [JBoss-dev] Bug in JaasSecurityManager in 2.4.3 > At least I'm pretty sure. I'm doing source level debugging and > activeSubject (the thread local variable) never gets set during a > request. > > Well, this results in the role never being authorized because line 195 > always returns null (the thread local always returns null because it's > never set for this thread). Thus on line 263, subject is null, and so > doesUserHaveRole() returns false. > > I put in break points at the only two points that I saw that every set > activeSubject, and neither one was hit during a request. > > Can anyone help me get a work around or fix for this? > > Could this be fixed in CVS? I just checked the log and I noticed: > Clean up the multiple return paths in validateCache to allow any > validation > path to cause the corresponding Subject to be associated with the thread > > I tried to just build a new jbosssx.jar and drop it in, and just the > JaasSecurityManager.class, but neither worked. Too many other things > have changed. > > Can someone give me an idea of which version of that file, or how to > patch 2.4.3 so I can get this to work? > > Thanks! > -- > Joel Shellman > iKestrel, Inc. http://www.ikestrel.com/ > > > _______________________________________________ > Jboss-development mailing list > [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/jboss-development > _______________________________________________ Jboss-development mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-development
