User: stark
Date: 01/01/25 10:08:07
Modified: src/main/org/jboss/ejb/plugins SecurityInterceptor.java
Log:
Remove the check of the current thread security association info
as the method invocation should be the authoritative source and the
thread info could be invalid
Revision Changes Path
1.10 +14 -18 jboss/src/main/org/jboss/ejb/plugins/SecurityInterceptor.java
Index: SecurityInterceptor.java
===================================================================
RCS file:
/products/cvs/ejboss/jboss/src/main/org/jboss/ejb/plugins/SecurityInterceptor.java,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- SecurityInterceptor.java 2001/01/19 17:20:17 1.9
+++ SecurityInterceptor.java 2001/01/25 18:08:06 1.10
@@ -43,7 +43,7 @@
* @see <related>
* @author Rickard �berg ([EMAIL PROTECTED])
* @author <a href="mailto:[EMAIL PROTECTED]">Daniel O'Connor</a>.
- * @version $Revision: 1.9 $
+ * @version $Revision: 1.10 $
*/
public class SecurityInterceptor
extends AbstractInterceptor
@@ -90,23 +90,19 @@
throw new java.rmi.RemoteException("checkSecurityAssociation", new
SecurityException("Role mapping manager has not been set"));
}
- Principal principal = SecurityAssociation.getPrincipal();
- Object credential = SecurityAssociation.getCredential();
- if (principal == null)
- {
- principal = mi.getPrincipal();
- credential = mi.getCredential();
- if (principal == null || !securityManager.isValid( principal, credential ))
- {
- // should log illegal access
- throw new java.rmi.RemoteException("checkSecurityAssociation", new
SecurityException("Authentication exception"));
- }
- else
- {
- SecurityAssociation.setPrincipal( principal );
- SecurityAssociation.setCredential( credential );
- }
- }
+ // Check the security info from the method invocation
+ Principal principal = mi.getPrincipal();
+ Object credential = mi.getCredential();
+ if (principal == null || !securityManager.isValid( principal, credential ))
+ {
+ // should log illegal access
+ throw new java.rmi.RemoteException("checkSecurityAssociation", new
SecurityException("Authentication exception"));
+ }
+ else
+ {
+ SecurityAssociation.setPrincipal( principal );
+ SecurityAssociation.setCredential( credential );
+ }
Set methodPermissions = container.getMethodPermissions( mi.getMethod(), home
);
if (methodPermissions != null && !realmMapping.doesUserHaveRole( principal,
methodPermissions ))
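Review bot: The thread-wide SecurityAssociation is updated only in the `else` branch, so when `mi.getPrincipal()` is null or `securityManager.isValid` rejects the pair, the throw leaves in place whatever principal and credential an earlier call bound to this thread, which is the stale state the log message warns about. Clearing it before the throw would close that gap: `SecurityAssociation.setPrincipal( null );` and `SecurityAssociation.setCredential( null );`. The `// should log illegal access` placeholder is also carried over unchanged, so rejected calls still leave no audit trail; a log entry at that throw naming the principal and `mi.getMethod()` (never the credential) would give operators something to alert on. Whether the association is reset once the invocation completes cannot be seen here, because the method starts and ends outside the hunk.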