Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Done
Priority: Major
Fix Version/s: EAP 6.1.0.Alpha (7.2.0.Final)
Affects Version/s: 7.1.3.Final (EAP)
Component/s: IIOP
Labels:
None

Workaround Description:

Hide

If you enable the SASClientInitializer manually and set security="off" in the jacorb config then you can propagate the username and password, rather than relying on trust.

Show
If you enable the SASClientInitializer manually and set security="off" in the jacorb config then you can propagate the username and password, rather than relying on trust.

Description

Because AS7 uses the SASClientIdentityInterceptor it expects that the security context will be propagated using a trust based mechanism, however this trust based mechanism has not actually been fully implemented.

In EJBCorbaServant there is some code that comes from AS6 that just assumes username=password, with a comment that this needs to be removed once we have a mechanism to establish trust.

For now I think that we need to do two things:

Allow the server to easily use the SASClientInterceptor
Use the SASCurrent as a credential in EjbCorbaServant, so a custom login module can be used to establish trust

Attachments

Issue Links

blocks

AS7-6300 Add test for server to server security propagation over IIOP

Resolved

Activity

People

Assignee:: Stuart Douglas

Reporter:: Stuart Douglas

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 2013/01/15 6:42 PM

Updated:: 2020/09/14 5:42 AM

Resolved:: 2013/01/21 3:28 AM