Uploaded image for project: 'Application Server 3 4 5 and 6'
  1. Application Server 3 4 5 and 6
  2. JBAS-1756

Questionable management of the security association in StatefulSessionInstanceInterceptor

    XMLWordPrintable

Details

    Description

      The StatefulSessionInstanceInterceptor is pushing the security context using the legacy SecurityAssociation.setPrincipal()/setCredential() methods and although this has no affect on the authentication/authorization of the caller, it does have a side effects on the callee's security context that shows up in custom security integration code that is trying to use the SecurityAssociation state. The StatefulSessionInstanceInterceptor needs to be consistent with the other interceptors with regard to management of the security context stack.

      Attachments

        Activity

          People

            starksm64 Scott Stark (Inactive)
            starksm64 Scott Stark (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Time Tracking

                Estimated:
                Original Estimate - 2 hours
                2h
                Remaining:
                Remaining Estimate - 2 hours
                2h
                Logged:
                Time Spent - Not Specified
                Not Specified