[jboss-user] [Security & JAAS/JBoss] - Re: need advice

Wed, 13 Sep 2006 13:53:31 -0700 

Good Day,

The SecurityAssociation is used by the ClientLoginModule to stuff the Principal 
and Credentials into the calling threads context so that this can authenticated 
by the security inteceptors before a EJB call is processed.

Is a SecurityException being thrown because the ClientLoginModule makes use of 
PrivilegedAction implemented in the internal class SecurityAssociationActions.

Try changing the java security policy for the code to all or use a 
PrivilegedAction.


  |    /**
  |     * Set the current principal information. If a security manager is 
present,
  |     * then this method calls the security manager's 
<code>checkPermission</code>
  |     * method with a <code> 
RuntimePermission("org.jboss.security.SecurityAssociation.setPrincipalInfo")
  |     * </code> permission to ensure it's ok to access principal information. 
If
  |     * not, a <code>SecurityException</code> will be thrown.
  |     * @param principal - the current principal identity.
  |     */
  |    public static void setPrincipal(Principal principal)
  |    {
  |       SecurityManager sm = System.getSecurityManager();
  |       if (sm != null)
  |          sm.checkPermission(setPrincipalInfoPermission);
  | 
  |       if (trace)
  |          log.trace("setPrincipal, p=" + principal + ", server=" + server);
  |       if (server)
  |       {
  |          threadPrincipal.set(principal);
  |       }
  |       else
  |          SecurityAssociation.principal = principal;
  |       // Integrate with the new SubjectContext 
  |       SubjectContext sc = threadSubjectStacks.peek();
  |       if( sc == null )
  |       {
  |          // There is no active security context
  |          sc = new SubjectContext();
  |          threadSubjectStacks.push(sc);
  |       }
  |       else if( (sc.getFlags() & SubjectContext.PRINCIPAL_WAS_SET) != 0 )
  |       {
  |          // The current security context has its principal set
  |          sc = new SubjectContext();
  |          threadSubjectStacks.push(sc);    
  |       }
  |       sc.setPrincipal(principal);
  |       if (trace)
  |          log.trace("setPrincipal, sc="+sc);
  |    }
  | 

View the original post : 
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3971393#3971393

Reply to the post : 
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3971393
_______________________________________________
jboss-user mailing list
[email protected]
https://lists.jboss.org/mailman/listinfo/jboss-user

Reply via email to