Posted to scm@geronimo.apache.org by db...@apache.org on 2004/02/10 12:06:27 UTC
cvs commit: incubator-geronimo/modules/security/src/java/org/apache/geronimo/security ContextManager.java
dblevins 2004/02/10 03:06:27
Modified: modules/security/src/java/org/apache/geronimo/security
ContextManager.java
Log:
Modified isCallerInRole and getCallerPrinciple to handle the situation
where the caller is not known, as is the case when the security interceptor
is disabled.
Revision Changes Path
1.3 +11 -1 incubator-geronimo/modules/security/src/java/org/apache/geronimo/security/ContextManager.java
Index: ContextManager.java
===================================================================
RCS file: /home/cvs/incubator-geronimo/modules/security/src/java/org/apache/geronimo/security/ContextManager.java,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- ContextManager.java 25 Jan 2004 01:47:09 -0000 1.2
+++ ContextManager.java 10 Feb 2004 11:06:27 -0000 1.3
@@ -145,6 +145,12 @@
SecurityManager sm = System.getSecurityManager();
if (sm != null) sm.checkPermission(GET_CONTEXT);
+ Object caller = currentCaller.get();
+ if (caller == null){
+ return new Principal(){
+ public String getName(){return "";}
+ };
+ }
Context context = (Context) subjectContexts.get(currentCaller.get());
assert context != null : "No registered context";
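Review bot: the null-caller branch added at the top of this hunk returns a freshly allocated anonymous Principal whose getName() is the empty string, so downstream code cannot tell "no caller was established" from a real identity, and two calls never return equal objects because the anonymous class defines no equals/hashCode. Return one shared constant with a recognisable name instead, and document that it means the security interceptor did not run. The new local `caller` is also unused after the check: the unchanged context line still calls currentCaller.get() a second time, so pass `caller` to subjectContexts.get(...).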
@@ -177,6 +183,9 @@
if (role == null) throw new IllegalArgumentException("Role must not be null");
try {
+ Object caller = currentCaller.get();
+ if (caller == null) return false;
+
Context context = (Context) subjectContexts.get(currentCaller.get());
assert context != null : "No registered context";
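Review bot: `if (caller == null) return false;` denies every role silently when no caller is set, so with the interceptor disabled every role check fails with nothing logged to say why. Log it or document it, and reconcile it with the first hunk, which answers the same state with a Principal whose name is empty rather than a refusal. The unchanged line after the check still calls currentCaller.get() a second time; pass `caller` to subjectContexts.get(...) instead.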
@@ -266,4 +275,5 @@
Subject subject;
Principal principal;
}
+
}
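Review bot: the only change in this hunk is a blank line added before the class's closing brace; drop it so the revision contains nothing but the null-caller handling.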
Re: cvs commit: incubator-geronimo/modules/security/src/java/org/apache/geronimo/security ContextManager.java
Posted by da...@visi.com.
On Tue, Feb 10, 2004 at 10:19:22AM -0800, Jeremy Boynes wrote:
> dblevins@apache.org wrote:
>
> >dblevins 2004/02/10 03:06:27
> >
> > Modified: modules/security/src/java/org/apache/geronimo/security
> > ContextManager.java
> > Log:
> > Modified isCallerInRole and getCallerPrinciple to handle the situation
> > where the caller is not known, as is the case when the security
> > interceptor
> > is disabled.
> >
>
> Hey David
>
> I have concerns about disabling the security interceptor - isn't that
> going to leave us wide open?
Just using your code:
    if (setSecurityInterceptor) {
        firstInterceptor = new EJBSecurityInterceptor(firstInterceptor, contextId, new PermissionManager(ejbName, vopFactory.getSignatures()));
    }
>
> If we do it, can't we just replace it with a 'null' interceptor that
> just injects a dummy principal. That way all the downstream code can
> work as usual and we are less likely to break things like IIOP propagation.
Sounds like a plan.
>
> --
> Jeremy
--
David
Re: cvs commit: incubator-geronimo/modules/security/src/java/org/apache/geronimo/security ContextManager.java
Posted by Jeremy Boynes <je...@coredevelopers.net>.
dblevins@apache.org wrote:
> dblevins 2004/02/10 03:06:27
>
> Modified: modules/security/src/java/org/apache/geronimo/security
> ContextManager.java
> Log:
> Modified isCallerInRole and getCallerPrinciple to handle the situation
> where the caller is not known, as is the case when the security interceptor
> is disabled.
>
Hey David
I have concerns about disabling the security interceptor - isn't that
going to leave us wide open?
If we do it, can't we just replace it with a 'null' interceptor that
just injects a dummy principal. That way all the downstream code can
work as usual and we are less likely to break things like IIOP propagation.
--
Jeremy
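
The 'null' interceptor proposed in this thread, as an added example that is not code from the thread or from Geronimo: a stand-in interceptor sets one shared unauthenticated principal for the duration of the call, so the role check runs its normal path and denies. The `Interceptor` interface, the `rolesByCaller` map and all class names are assumptions made for illustration.

```java
import java.security.Principal;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

// Added example; every type here is hypothetical, not Geronimo's API.
public class NullInterceptorDemo {
    interface Interceptor { Object invoke(String method) throws Exception; }

    // One shared, named principal instead of a fresh anonymous one per call.
    static final Principal UNAUTHENTICATED = new Principal() {
        public String getName() { return "UNAUTHENTICATED"; }
        public String toString() { return getName(); }
    };

    static final ThreadLocal<Principal> currentCaller = new ThreadLocal<>();
    static final Map<Principal, Set<String>> rolesByCaller = new ConcurrentHashMap<>();
    static { rolesByCaller.put(UNAUTHENTICATED, Set.of()); } // registered, holds no roles

    static Principal getCallerPrincipal() {
        Principal caller = currentCaller.get();
        // A missing caller now means a wiring error, not a normal state.
        if (caller == null) throw new IllegalStateException("no interceptor set a caller");
        return caller;
    }

    static boolean isCallerInRole(String role) {
        if (role == null) throw new IllegalArgumentException("Role must not be null");
        return rolesByCaller.getOrDefault(getCallerPrincipal(), Set.of()).contains(role);
    }

    // Stands in for the security interceptor when it is switched off.
    static final class NullSecurityInterceptor implements Interceptor {
        private final Interceptor next;
        NullSecurityInterceptor(Interceptor next) { this.next = next; }
        public Object invoke(String method) throws Exception {
            Principal previous = currentCaller.get();
            currentCaller.set(UNAUTHENTICATED);
            try { return next.invoke(method); }
            finally { currentCaller.set(previous); } // do not leak onto pooled threads
        }
    }

    public static void main(String[] args) throws Exception {
        Interceptor bean = m -> getCallerPrincipal().getName() + " admin=" + isCallerInRole("admin");
        System.out.println(new NullSecurityInterceptor(bean).invoke("ping"));
    }
}
```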