For the lists benefit as requested.
That code block is only executed when one has assigned a security
proxy to perform non-delcarative security checks like performing
a Subject based permission check. It is never accessed when using
the ejb-jar.xml declarative security.
Interestingly this code has only been tested with StatefulSessionBeans
and it does work only because the standard StatefulSessionBean
container interceptor config places the StatefulSessionInstanceInterceptor
ahead of the SecurityInterceptor. In general the bean must be available
to the non-declarative security code as it is often a function of the bean
state so either the SecurityInterceptor needs to come after the bean
context interceptor or security needs to be split into declarative/non-declarative
steps with seperate interceptors.
----- Original Message -----
From: "marc fleury" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, May 09, 2001 4:11 PM
Subject: RE: [JBoss-dev] METHOD-INVOCATION
> From SecurityInterceptor invoke()
>
> Object bean = mi.getEnterpriseContext().getInstance();
> EJBContext ctx = mi.getEnterpriseContext().getEJBContext();
> Object[] args = mi.getArguments();
> securityProxy.setEJBContext(ctx);
>
> You get the context (!) and then the instance and ejbcontext from it.
>
> The context, itself, is not set, your interceptor is before the
> acquisition.. surprised you don't have NPEs everywhere....
>
> Let's take it private, no need to bother the list with clean-ups
>
> marc
>
>
> |-----Original Message-----
> |From: [EMAIL PROTECTED]
> |[mailto:[EMAIL PROTECTED]]On Behalf Of Scott
> |M Stark
> |Sent: Wednesday, May 09, 2001 6:45 PM
> |To: [EMAIL PROTECTED]
> |Subject: Re: [JBoss-dev] METHOD-INVOCATION
> |
> |
> |Ok, right. I don't try to access the EnterpriseContext associated with the
> |MethodInvocation and if I did, it would not have been set yet.
> |
> |----- Original Message -----
> |From: "marc fleury" <[EMAIL PROTECTED]>
> |To: <[EMAIL PROTECTED]>
> |Sent: Wednesday, May 09, 2001 3:13 PM
> |Subject: RE: [JBoss-dev] METHOD-INVOCATION
> |
> |
> |>
> |> |> 2- The security, do we associate the Principal to the ctx
> |> |somewhere else? I
> |> |> don't believe we should associate to the ctx (see warning in
> |> |source, I also
> |> |> need to update these). Scott do you take care of associating the
> |> |ctx to the
> |> |> principal somewhere else?
> |> |>
> |> |The prinicpal identity and credentials is taken from the
> |MethodInfocation
> |> |object and if validated, set as a property of the invocation
> |thread using
> |> |the SecurityAssociation class. In the JAAS version there is
> |also a thread
> |> |local Subject established.
> |>
> |> I was asking about the ctx association, I am saying so because I don't
> |> believe you have a context yet, your security interceptor is
> |before the ctx
> |> interceptor
> |>
> |> marc
> |
> |
> |
> |_______________________________________________
> |Jboss-development mailing list
> |[EMAIL PROTECTED]
> |http://lists.sourceforge.net/lists/listinfo/jboss-development
>
>
>
> _______________________________________________
> Jboss-development mailing list
> [EMAIL PROTECTED]
> http://lists.sourceforge.net/lists/listinfo/jboss-development
>
_______________________________________________
Jboss-development mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/jboss-development
