You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@geronimo.apache.org by Jeremy Boynes <je...@coredevelopers.net> on 2004/02/10 19:19:22 UTC

Re: cvs commit: incubator-geronimo/modules/security/src/java/org/apache/geronimo/security ContextManager.java

dblevins@apache.org wrote:

> dblevins    2004/02/10 03:06:27
> 
>   Modified:    modules/security/src/java/org/apache/geronimo/security
>                         ContextManager.java
>   Log:
>   Modified isCallerInRole and getCallerPrinciple to handle the situation
>   where the caller is not known, as is the case when the security interceptor
>   is dissabled.
>   

Hey David

I have concerns about disabling the security interceptor - isn't that 
going to leave us wide open?

If we do it, can't we just replace it with a 'null' interceptor that 
just injects a dummy principal. That way all the downstream code can 
work as usual and we are less likely to break things like IIOP propagation.

--
Jeremy

Re: cvs commit: incubator-geronimo/modules/security/src/java/org/apache/geronimo/security ContextManager.java

Posted by da...@visi.com.

On Tue, Feb 10, 2004 at 10:19:22AM -0800, Jeremy Boynes wrote:
> dblevins@apache.org wrote:
> 
> >dblevins    2004/02/10 03:06:27
> >
> >  Modified:    modules/security/src/java/org/apache/geronimo/security
> >                        ContextManager.java
> >  Log:
> >  Modified isCallerInRole and getCallerPrinciple to handle the situation
> >  where the caller is not known, as is the case when the security 
> >  interceptor
> >  is dissabled.
> >  
> 
> Hey David
> 
> I have concerns about disabling the security interceptor - isn't that 
> going to leave us wide open?

Just using your code:

        if (setSecurityInterceptor) {
            firstInterceptor = new EJBSecurityInterceptor(firstInterceptor, contextId, new PermissionManager(ejbName, vopFactory.getSignatures()));
        }

> 
> If we do it, can't we just replace it with a 'null' interceptor that 
> just injects a dummy principal. That way all the downstream code can 
> work as usual and we are less likely to break things like IIOP propagation.

Sounds like a plan.

> 
> --
> Jeremy

-- 
David