Geronimo / GERONIMO-2313

Subject not propagated correctly between web app and ejb

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.1, 1.1.1, 1.1.x
    • Fix Version/s: 1.1.1, 1.1.2, 1.2
    • Component/s: None
    • Security Level: public (Regular issues)
    • Labels:
      None

      Description

      With a web app with security, that calls an ejb, isCallerInRole in the ejb always returns false.

      This is caused by the web app not setting nextCaller and the ejb interceptors shifting nextCaller to currentCaller, so when isCallerInRole is tested there is a null subject, so it returns false.

      1. GERONIMO-2313-openejb.diff
        7 kB
        David Jencks
      2. GERONIMO-2313.diff
        55 kB
        David Jencks
      3. ejbrefsec-ear-1.0-SNAPSHOT.ear
        12 kB
        David Jencks
      4. ejbrefsec.src.jar
        41 kB
        David Jencks
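
      A simplified model of the failure described above, added here as an illustration; it is not Geronimo or OpenEJB source. Only nextCaller, currentCaller and isCallerInRole come from the issue text; the class, the other method names and the mapping of a role to a principal name are assumptions.

```java
import java.security.Principal;
import javax.security.auth.Subject;

public class CallerPropagationModel {
    // Per-thread slots named after the issue description; the rest is hypothetical.
    static final ThreadLocal<Subject> currentCaller = new ThreadLocal<>();
    static final ThreadLocal<Subject> nextCaller = new ThreadLocal<>();

    // Web tier: holds the authenticated user, then calls the EJB on the same thread.
    static boolean webRequest(Subject user, boolean setNextCaller) {
        currentCaller.set(user);
        if (setNextCaller) {
            nextCaller.set(user); // the step the description says the web app skipped
        }
        try {
            return ejbInvoke("admin");
        } finally {
            // Clear both slots when the request ends.
            currentCaller.remove();
            nextCaller.remove();
        }
    }

    // EJB interceptor: shifts nextCaller into currentCaller for the bean call.
    static boolean ejbInvoke(String role) {
        Subject saved = currentCaller.get();
        currentCaller.set(nextCaller.get());
        try {
            return isCallerInRole(role);
        } finally {
            currentCaller.set(saved); // restore the web tier's view afterwards
        }
    }

    // Role check against currentCaller; a null subject fails every check.
    static boolean isCallerInRole(String role) {
        Subject s = currentCaller.get();
        if (s == null) {
            return false;
        }
        return s.getPrincipals().stream().anyMatch(p -> p.getName().equals(role));
    }

    public static void main(String[] args) {
        Subject admin = new Subject();
        Principal adminRole = () -> "admin"; // constructed sample principal
        admin.getPrincipals().add(adminRole);
        System.out.println("nextCaller not set: " + webRequest(admin, false));
        System.out.println("nextCaller set:     " + webRequest(admin, true));
    }
}
```

      In the first call the interceptor copies an empty nextCaller over the authenticated subject, so the role check sees null even though the web tier authenticated the user.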

        Activity

        David Jencks added a comment -

        Sample app to demonstrate the problem, together with m2 project source.

        Deploy the ear.

        Visit localhost:8080/manifestcp/servlet in your browser.

        Look on the server console: it will tell you the result of isCallerInRole for each ejb access. false means isCallerInRole is not working properly.

        David Jencks added a comment -

        Here are patches for geronimo trunk and openejb2 trunk to fix this problem along the lines suggested in the dev list email discussion. Although this is a bug fix I'd prefer review of this patch before I apply it.

        David Jencks added a comment -

        Alan agrees that this is a reasonable direction to go in to fix this problem.

        G trunk rev 431706
        openejb2 trunk rev 2854

        Merging with 1.1 required some manual work, much of it from the TCM removal and openejb configuration work Dain did. The sample/test app attached works properly with the 1.1 modifications.

        G 1.1 branch rev 431735
        openejb2 2.1 branch rev 2855

        David Jencks added a comment -

        Sample app works, let's see if I can get the user who found the problem to test this out.

        David Jencks added a comment -

        After discussion with Alan and Matt we agreed to put this into 1.1.1 as well.

        G. r431975
        openejb 2.1.1 r 2856

        Donald Woods added a comment -

        I see the update in the openejb 2.1 branch (aka. 2.1.2-snapshot), but not in the 2.1.1 branch yet....

        David Jencks added a comment -

        Donald Woods noticed that the openejb EjbRequestHandler is calling ContextManager.setCallers(null, null) instead of ContextManager.clearCallers().

        David Jencks added a comment -

        Call to ContextManager.setCallers(null, null) fixed in

        openejb trunk r. 2859
        openejb branch 2.1 r 2860
        openejb branch 2.1.1 r 2861


          People

          • Assignee:
            David Jencks
            Reporter:
            David Jencks