Hi David,

I don't understand why you say "I avoided any threading changes because I
was concerned about its affect on transactions. " because this is actually
what you're doing in WeblogicSecurityBean#runPrivilegedActionAsSubject: this
piece of code is pushing/poping the security context in the threadlocal.

I don't understand either why I would need DelegateProcessor, your
WeblogicSecurityInterceptStrategy seems enough.

To summarize you work (correct me if I'm wrong):
- For Inbound JMS: you're creating a dedicated thread pool with the
specialized WeblogicSecureThreadFactory, as result each listener thread has
his security context properly set on creation. I would just fear this
security context gets dirty with time. Ideally we should intercept inside
the message polling loop and wrap the MessageConsumer#receive in a
runPrivilegedAction, but the DMLC is not very configurable here.
- For Outbound JMS: you're intercepting the JMS Producer Endpoint to set the
security context.





--
View this message in context: 
http://camel.465427.n5.nabble.com/Weblogic-JMS-Security-Issues-A-possible-resolution-tp5735108p5735175.html
Sent from the Camel - Users mailing list archive at Nabble.com.

Reply via email to