3 Replies Latest reply on Mar 23, 2004 9:20 AM by starksm64

    MBean method invocation cleans SecurityAssociation

    maaaah
    maaaah Mar 22, 2004 6:44 AM

      Hi All!
      I am using JBoss 3.2.3.
      I am trying to invoke an MBean method from a secured Stateless Session Bean. For example:

      beanMethod() {

      ...
      RMIAdaptor server = ...
      ...
      System.out.println("PRINCIPAL BEFORE MBEAN METHOD CALL = " + SecurityAssociation.getPrincipal())
      server.invoke(...);
      System.out.println("PRINCIPAL AFTER MBEAN METHOD CALL = " + SecurityAssociation.getPrincipal())

      ...

      }

      I am getting two following lines:
      PRINCIPAL BEFORE MBEAN METHOD CALL = user
      PRINCIPAL AFTER MBEAN METHOD CALL = null

      So, MBean method invocation destroys SecurityAssociation!!! And I can not call another secured EJBs in businessMethod() after MBean call.
      HELP ME PLEASE!

      • 2038 Views
      • Tags:
        • 1. Re: MBean method invocation cleans SecurityAssociation
          starksm64
          starksm64 Mar 22, 2004 11:45 AM (in response to maaaah)

          The RMIAdaptor is not usable from within the server if you expect the security context to be maintained. Its purpose is for access from external clients where the security context cannot be leaked to the transport thread pool.

          Use the MBeanServer directly.

            • Actions
          • 2. Re: MBean method invocation cleans SecurityAssociation
            maaaah
            maaaah Mar 23, 2004 4:47 AM (in response to maaaah)

            Oh, thank you! It works!

            But I have already written my own SecuredInvokerAdaptorService, which simple restores SecurityAssociation info instead of clear it.

            Look at InvokerAdaptorService.java, line 266:

            SecurityAssociation.clear();

            But I put the following lines there instead:

            SecurityAssociation.setPrincipal(storedPrincipal);
            SecurityAssociation.setCredential(storedCredential);

            where storedPrincipal and storedCredential contains Principal and Credential which SecurityAssociation had before MBean invocation.

            I am not sure it is correct. Can you answer me is it correct modification or have I broken something?
            Thank you.

              • Actions
            • 3. Re: MBean method invocation cleans SecurityAssociation
              starksm64
              starksm64 Mar 23, 2004 9:20 AM (in response to maaaah)

              Your leaking the security context back to the calling thread. Its up to you to decide if this is broken behavior in your environment.

                • Actions