  1. PicketBox
  2. SECURITY-336 Sanitize inputs to the JavaEE Helpers
  3. SECURITY-349

EJBAuthorizationHelper->authorize needs either caller subject or caller run-as


    • Type: Sub-task
    • Resolution: Done
    • Priority: Major
    • JBossSecurity_2.0.2.SP5
    • JBossSecurity_2.0.2.SP4
    • JBossSX
    • None

      Currently an IllegalArgumentException is thrown if the caller subject is null. There is a use case where the caller run-as can be non-null, in which case the subject is not necessary.

      So flag an error only when both the caller subject and the caller run-as are null.

              anil.saldhana Anil Saldanha (Inactive)