Bug #217 (closed)
Opened 18 years ago
Closed 18 years ago
Login information is being overwritten by multiple ServiceFactory instances.
Reported by: | jamoore | Owned by: | jamoore |
---|---|---|---|
Priority: | blocker | Cc: | cxallan |
Sprint: | n.a. | ||
Total Remaining Time: | n.a. |
Description
Login with the JBoss JndiLoginInitialContextFactory occurs at the time of #getInitialContext (once at creation). This sets a global ThreadLocal variable (in SecurityAssociation) with the authentication credentials, meaning that the sequence:
ServiceFactory rootFactory = new ServiceFactory( rootLogin ); ServiceFactory userFactory = new ServiceFactory( userLogin) ; rootFactory.synchronizeLoginCache()
fails because the user doesn't have permission to call synchronizeLoginCache.
Plan:
- Refactor JndiStatefulObjectFactoryBean to ConfigurableJndiObjectFactoryBean
- Create a wrapper TargetSource around the returned JndiObjectTargetSource (not possible to inject or subclass since its an internal private method)
- Use normal JAAS login (longer-term. For a quick fix, we'll use SecurityAssociation directly)
Change History (2)
comment:1 Changed 18 years ago by jmoore
- Keywords changed from jboss, jaas to jboss, jaas, iteration1, story114
comment:2 Changed 18 years ago by jmoore
- Cc callan added
- Resolution set to fixed
- Status changed from new to closed
Note: See
TracTickets for help on using
tickets.
You may also have a look at Agilo extensions to the ticket.
This was very nasty. Rather than only setting the thread values once, we have to set them on each call to proxy.getObject().
r771 fixes by taking JAAS login into our own hands. Currently we are still using the JBoss backdoor, but this can later be cleaned up to use LoginContext directly. We'll need to add a JAAS conf file. (#219)