Uploaded image for project: 'JBoss Enterprise Application Platform 4 and 5'
  1. JBoss Enterprise Application Platform 4 and 5
  2. JBPAPP-11036

IIOP - Client principal is retained in subsequent invocations even if the client is not associated with the principal anymore

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Major Major
    • EAP_EWP 5.3.0.ER2
    • EAP_EWP 5.2.0, EAP_EWP 5.3.0.ER1
    • IIOP
    • None
    • Not Required
    • NEW

      Client principal is retained on server in SecurityAssociation in subsequent invocations even if the calling client is not associated with the principal anymore. This allows an client to execute code which he should not be allowed to execute.

              dpospisil Dominik Pospisil (Inactive)
              dpospisil Dominik Pospisil (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: