Uploaded image for project: 'Application Server 3 4 5 and 6'
  1. Application Server 3 4 5 and 6
  2. JBAS-7550

AuthenticationInterceptor overwrites the existing SecurityContext

XMLWordPrintable

      The class org.jboss.jmx.connector.invoker.AuthenticationInterceptor has a bug.

      In the file deploy/jmx-invoker-service.xml i had enabled the "commented out" AuthenticationInterceptor on the definition of the
      org.jboss.jmx.connector.invoker.InvokerAdaptorService MBean.

      If the current Thread has a Principal (SecurityAssociation.getPrincipal()) then before the AuthenticationInterceptor the Principal is returned.
      After the AuthenticationInterceptor NULL is returned.

      Problem is similar to the bug JBAS-6449 where the problem was in the org.jboss.jmx.connector.invoker.InvokerAdaptorService.

      The AuthenticationInterceptor sets the SecurityContext in line 94-95, but didn't save the current one to restore it afterwards.
      SecurityContext sc = SecurityActions.createSecurityContext(securityDomain);
      SecurityActions.setSecurityContext(sc);

              anil.saldhana Anil Saldanha (Inactive)
              mardinator martin walla (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: