Uploaded image for project: 'Application Server 3  4  5 and 6'
  1. Application Server 3 4 5 and 6
  2. JBAS-1756

Questionable management of the security association in StatefulSessionInstanceInterceptor

XMLWordPrintable

      The StatefulSessionInstanceInterceptor is pushing the security context using the legacy SecurityAssociation.setPrincipal()/setCredential() methods and although this has no affect on the authentication/authorization of the caller, it does have a side effects on the callee's security context that shows up in custom security integration code that is trying to use the SecurityAssociation state. The StatefulSessionInstanceInterceptor needs to be consistent with the other interceptors with regard to management of the security context stack.

              starksm64 Scott Stark (Inactive)
              starksm64 Scott Stark (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

                Created:
                Updated:
                Resolved:

                  Estimated:
                  Original Estimate - 2 hours
                  2h
                  Remaining:
                  Remaining Estimate - 2 hours
                  2h
                  Logged:
                  Time Spent - Not Specified
                  Not Specified