geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From david.blev...@visi.com
Subject Re: cvs commit: incubator-geronimo/modules/security/src/java/org/apache/geronimo/security ContextManager.java
Date Tue, 10 Feb 2004 19:22:15 GMT
On Tue, Feb 10, 2004 at 10:19:22AM -0800, Jeremy Boynes wrote:
> dblevins@apache.org wrote:
> 
> >dblevins    2004/02/10 03:06:27
> >
> >  Modified:    modules/security/src/java/org/apache/geronimo/security
> >                        ContextManager.java
> >  Log:
> >  Modified isCallerInRole and getCallerPrinciple to handle the situation
> >  where the caller is not known, as is the case when the security 
> >  interceptor
> >  is dissabled.
> >  
> 
> Hey David
> 
> I have concerns about disabling the security interceptor - isn't that 
> going to leave us wide open?

Just using your code:

        if (setSecurityInterceptor) {
            firstInterceptor = new EJBSecurityInterceptor(firstInterceptor, contextId, new
PermissionManager(ejbName, vopFactory.getSignatures()));
        }

> 
> If we do it, can't we just replace it with a 'null' interceptor that 
> just injects a dummy principal. That way all the downstream code can 
> work as usual and we are less likely to break things like IIOP propagation.

Sounds like a plan.

> 
> --
> Jeremy

-- 
David

Mime
View raw message