Uploaded image for project: 'Application Server 3  4  5 and 6'
  1. Application Server 3 4 5 and 6
  2. JBAS-7405

use-caller-identity should be default if no explicit security-identity is set in

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Major
    • Resolution: Won't Fix
    • Affects Version/s: JBossAS-5.1.0.GA
    • Fix Version/s: None
    • Component/s: EJB2
    • Labels:
      None

      Description

      According to
      http://www.redhat.com/docs/manuals/jboss/jboss-eap-4.2/doc/Server_Configuration_Guide/J2EE_Declarative_Security_Overview-Security_Identity.html if no explicit security-identity is set in ejb-jar on a bean, then propagation of the caller identity should be the default.

      That is not currently the case, if no security-identity is set then useCallerIdentity remains false. I believe the bug is in org.jboss.ejb.plugins.SecurityInterceptor#setContainer and that adding the follwing at line 160 (on the JBossAS 5.1.0.GA version) should solve the problem:

      if (secMetaData == null)
      this.isUseCallerIdentity = true;

      Could be that this bug was introduced with the fix for JBAS-5011, for some reason I can't get fisheye to work right now to check it out.

        Gliffy Diagrams

          Attachments

            Activity

              People

              • Assignee:
                mmoyses Marcus Moyses
                Reporter:
                sverker Sverker Abrahamsson
              • Votes:
                0 Vote for this issue
                Watchers:
                0 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: