Posted to dev@geronimo.apache.org by "David Jencks (JIRA)" <ji...@apache.org> on 2007/04/08 19:32:32 UTC

[jira] Created: (GERONIMO-3073) More security bugs in openejb integration

More security bugs in openejb integration
-----------------------------------------

                 Key: GERONIMO-3073
                 URL: https://issues.apache.org/jira/browse/GERONIMO-3073
             Project: Geronimo
          Issue Type: Bug
      Security Level: public (Regular issues)
          Components: OpenEJB
    Affects Versions: 2.0-M5
            Reporter: David Jencks
         Assigned To: David Jencks
             Fix For: 2.0-M5


- GeronimoIdentityResolver should get the subject from the ContextManager, not Subject.getSubject, since it's possible to do a login programmatically without a CallbackHandler and skip the Subject.doAs(), and furthermore at least in 1.4 JVMs the subject from Subject.getSubject tends to disappear after a while.

- Most likely we need to map the "business home" and local home methods to "unchecked" so that injection can work if the default principal is not authorized for everything.



-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
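To make the first point concrete, here is an added Java illustration of the two ways of resolving the caller's Subject; it is not Geronimo or OpenEJB code. The `ContextManager` class in it is a thread-local stand-in for Geronimo's class of that name with method names chosen here, and `resolveViaAccessControlContext`, `resolveViaContextManager` and `programmaticLogin` are hypothetical helpers. It assumes a JDK on which `Subject.getSubject` is still callable (JDK 8 to 17, or a newer JDK started with `-Djava.security.manager=allow`).

```java
import java.security.AccessController;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.x500.X500Principal;

/**
 * Added illustration (not Geronimo/OpenEJB code) of why an identity resolver that
 * relies on Subject.getSubject(AccessController.getContext()) loses the caller when
 * a login is done programmatically and the caller never enters Subject.doAs().
 */
public class SubjectResolutionDemo {

    /**
     * Stand-in for Geronimo's ContextManager (assumed design, not the real class):
     * the login path binds the Subject to the thread explicitly, so lookups do not
     * depend on a Subject.doAs() frame being on the stack.
     */
    static final class ContextManager {
        private static final ThreadLocal<Subject> CURRENT = new ThreadLocal<>();

        static void setCallers(Subject s) { CURRENT.set(s); }
        static void clearCallers() { CURRENT.remove(); }
        static Subject getCurrentCaller() { return CURRENT.get(); }
    }

    /** Resolver in the style the issue criticises: only sees a Subject bound by doAs(). */
    static Subject resolveViaAccessControlContext() {
        return Subject.getSubject(AccessController.getContext());
    }

    /** Resolver in the style the issue recommends: asks the context manager directly. */
    static Subject resolveViaContextManager() {
        return ContextManager.getCurrentCaller();
    }

    /** Builds a Subject the way a programmatic login without a CallbackHandler might. */
    static Subject programmaticLogin(String dn) {
        Set<Principal> principals = new HashSet<>();
        principals.add(new X500Principal(dn));
        return new Subject(true, principals, Collections.emptySet(), Collections.emptySet());
    }

    static String describe(Subject s) {
        return s == null ? "<no subject>" : s.getPrincipals().toString();
    }

    public static void main(String[] args) {
        // Constructed sample identity; any DN works.
        Subject alice = programmaticLogin("CN=alice,O=example");

        // Case 1: programmatic login, no Subject.doAs() around the lookup.
        ContextManager.setCallers(alice);
        try {
            System.out.println("outside doAs, via AccessControlContext: "
                    + describe(resolveViaAccessControlContext()));
            System.out.println("outside doAs, via ContextManager:      "
                    + describe(resolveViaContextManager()));
        } finally {
            ContextManager.clearCallers();
        }

        // Case 2: the same lookups wrapped in Subject.doAs(); both approaches now agree.
        ContextManager.setCallers(alice);
        try {
            Subject.doAs(alice, (PrivilegedAction<Void>) () -> {
                System.out.println("inside doAs, via AccessControlContext:  "
                        + describe(resolveViaAccessControlContext()));
                System.out.println("inside doAs, via ContextManager:       "
                        + describe(resolveViaContextManager()));
                return null;
            });
        } finally {
            ContextManager.clearCallers();
        }
    }
}
```

In the first case the AccessControlContext lookup reports no subject, because `Subject.getSubject` only returns a Subject that `Subject.doAs` bound to the current `AccessControlContext`, while the thread-local lookup returns the logged-in principal in both cases. That is the gap the issue describes: a login that never passes through `doAs()` is invisible to a resolver built on `Subject.getSubject`, so any authorization decision made on its result would be evaluated against no principal at all. Binding and clearing the Subject in a try/finally, as above, is what keeps an explicit holder from leaking one request's identity into the next use of the thread.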


[jira] Commented: (GERONIMO-3073) More security bugs in openejb integration

Posted by "David Jencks (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/GERONIMO-3073?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12487464 ] 

David Jencks commented on GERONIMO-3073:
----------------------------------------

business home and local home methods made unchecked in rev 526613.  Note that the methods in these interfaces are never called by clients, just by the system, so security checks on them seem a bit bogus.

> More security bugs in openejb integration
> -----------------------------------------
>
>                 Key: GERONIMO-3073
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-3073
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: OpenEJB
>    Affects Versions: 2.0-M5
>            Reporter: David Jencks
>         Assigned To: David Jencks
>             Fix For: 2.0-M5
>
>
> - GeronimoIdentityResolver should get the subject from the ContextManager, not Subject.getSubject, since it's possible to do a login programmatically without a CallbackHandler and skip the Subject.doAs(), and furthermore at least in 1.4 JVMs the subject from Subject.getSubject tends to disappear after a while.
> - Most likely we need to map the "business home" and local home methods to "unchecked" so that injection can work if the default principal is not authorized for everything.



[jira] Commented: (GERONIMO-3073) More security bugs in openejb integration

Posted by "David Jencks (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/GERONIMO-3073?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12487467 ] 

David Jencks commented on GERONIMO-3073:
----------------------------------------

GeronimoIdentityResolver moved to geronimo-openejb in rev 526629.  We should consider a geronimo-openejb-client module, but the axis module might have to adapt.

> More security bugs in openejb integration
> -----------------------------------------
>
>                 Key: GERONIMO-3073
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-3073
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: OpenEJB
>    Affects Versions: 2.0-M5
>            Reporter: David Jencks
>         Assigned To: David Jencks
>             Fix For: 2.0-M5
>
>
> - GeronimoIdentityResolver should get the subject from the ContextManager, not Subject.getSubject, since it's possible to do a login programmatically without a CallbackHandler and skip the Subject.doAs(), and furthermore at least in 1.4 JVMs the subject from Subject.getSubject tends to disappear after a while.
> - Most likely we need to map the "business home" and local home methods to "unchecked" so that injection can work if the default principal is not authorized for everything.



[jira] Closed: (GERONIMO-3073) More security bugs in openejb integration

Posted by "David Jencks (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/GERONIMO-3073?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

David Jencks closed GERONIMO-3073.
----------------------------------

       Resolution: Fixed
    Fix Version/s:     (was: 2.0-M5)
                   2.0-M6

Openejb security is working OK.  If we decide to change how "remote login" is working, that deserves its own jira.

> More security bugs in openejb integration
> -----------------------------------------
>
>                 Key: GERONIMO-3073
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-3073
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: OpenEJB
>    Affects Versions: 2.0-M5
>            Reporter: David Jencks
>            Assignee: David Jencks
>             Fix For: 2.0-M6
>
>
> - GeronimoIdentityResolver should get the subject from the ContextManager, not Subject.getSubject, since it's possible to do a login programmatically without a CallbackHandler and skip the Subject.doAs(), and furthermore at least in 1.4 JVMs the subject from Subject.getSubject tends to disappear after a while.
> - Most likely we need to map the "business home" and local home methods to "unchecked" so that injection can work if the default principal is not authorized for everything.



[jira] Commented: (GERONIMO-3073) More security bugs in openejb integration

Posted by "David Jencks (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/GERONIMO-3073?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12487454 ] 

David Jencks commented on GERONIMO-3073:
----------------------------------------

GeronimoIdentityResolver fixed in rev 526585.

> More security bugs in openejb integration
> -----------------------------------------
>
>                 Key: GERONIMO-3073
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-3073
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: OpenEJB
>    Affects Versions: 2.0-M5
>            Reporter: David Jencks
>         Assigned To: David Jencks
>             Fix For: 2.0-M5
>
>
> - GeronimoIdentityResolver should get the subject from the ContextManager, not Subject.getSubject, since it's possible to do a login programmatically without a CallbackHandler and skip the Subject.doAs(), and furthermore at least in 1.4 JVMs the subject from Subject.getSubject tends to disappear after a while.
> - Most likely we need to map the "business home" and local home methods to "unchecked" so that injection can work if the default principal is not authorized for everything.



[jira] Commented: (GERONIMO-3073) More security bugs in openejb integration

Posted by "David Jencks (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/GERONIMO-3073?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12487466 ] 

David Jencks commented on GERONIMO-3073:
----------------------------------------

more problems:

- GeronimoIdentityResolver pulls in a dependency on openejb-client in geronimo-security, which is quite inappropriate.

- The GeronimoIdentityResolver/GeronimoSecurityService pair let us eliminate the "remote login" stuff in geronimo-security, which will eliminate all the hard-to-understand parts of geronimo-security.  It might remove kerberos capabilities, but we can re-add those pretty easily and there's probably a more appropriate way to use kerberos.

> More security bugs in openejb integration
> -----------------------------------------
>
>                 Key: GERONIMO-3073
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-3073
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: OpenEJB
>    Affects Versions: 2.0-M5
>            Reporter: David Jencks
>         Assigned To: David Jencks
>             Fix For: 2.0-M5
>
>
> - GeronimoIdentityResolver should get the subject from the ContextManager, not Subject.getSubject, since it's possible to do a login programmatically without a CallbackHandler and skip the Subject.doAs(), and furthermore at least in 1.4 JVMs the subject from Subject.getSubject tends to disappear after a while.
> - Most likely we need to map the "business home" and local home methods to "unchecked" so that injection can work if the default principal is not authorized for everything.
