hbaxmann wrote:
IMHO this is not a security issue at first. If one divides "security" into authentication, authorization and auditing, then we have an identification issue here. The same problem will at least arise if one tries to establish something that is today called AOP: the 'turn-one-key-opens-all-doors' syndrome.
I would vote for establishing an identity interceptor as the first in the message flow. It marks the call with the identity of the caller. So one is able, even in a ThreadLocal, to identify who is in.
absolutely wrong??
If I understand you correctly, I think that is what we are doing, except we don't use an actual ThreadLocal, we associate the Subject with the thread's AccessControlContext.
The question is where this should happen and how do we ensure it is done for all invocations including callbacks.
-- Jeremy
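An added illustration of the callback problem Jeremy raises (example code written for this note, not from the project or either poster). It assumes a JDK on which the deprecated Subject.doAs / AccessControlContext APIs are still usable (newer JDKs replace them with Subject.current() and Subject.callAs); the pool, the "alice" Subject and the method names are constructed for the demonstration. A callback handed to a thread pool that was created before the call loses the caller's Subject unless the identity is captured where the callback is registered and re-entered where it runs:

```java
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.Set;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;
import javax.security.auth.Subject;
import javax.security.auth.x500.X500Principal;

public class CallbackIdentity {

    // Caller identity bound to this thread's AccessControlContext,
    // or null when no Subject.doAs(...) frame is in effect.
    static Subject callerSubject() {
        return Subject.getSubject(AccessController.getContext());
    }

    static String describe(Subject s) {
        return s == null ? "<none>" : s.getPrincipals().toString();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample identity; a container would build it from a login.
        Subject alice = new Subject(true,
                Set.of(new X500Principal("CN=alice")), Set.of(), Set.of());

        // Pool created, and its worker thread started, BEFORE any doAs,
        // like a container-wide callback executor: the thread inherits no identity.
        ExecutorService callbacks = Executors.newSingleThreadExecutor();
        callbacks.submit(() -> {}).get();

        Subject.doAs(alice, (PrivilegedAction<Void>) () -> {
            System.out.println("in call      : " + describe(callerSubject()));

            // Naive callback: runs on the pool thread, so the identity is gone.
            Future<String> naive = callbacks.submit(() -> describe(callerSubject()));

            // Propagated callback: capture the Subject at registration and
            // re-enter doAs on the pool thread before doing any work.
            Subject captured = callerSubject();
            Future<String> propagated = callbacks.submit(() ->
                    Subject.doAs(captured, (PrivilegedAction<String>) () -> describe(callerSubject())));
            try {
                System.out.println("naive cb     : " + naive.get());
                System.out.println("propagated cb: " + propagated.get());
            } catch (Exception e) { throw new RuntimeException(e); }
            return null;
        });
        callbacks.shutdown();
    }
}
```

The naive callback reports `<none>` while the propagated one reports alice's principal, which is the gap an identity interceptor placed only at the inbound message flow does not close by itself.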
