Return-Path: 
 <geronimo-dev-return-6361-apmail-incubator-geronimo-dev-archive=incubator.apache.org@incubator.apache.org>
Delivered-To: apmail-incubator-geronimo-dev-archive@www.apache.org
Received: (qmail 9943 invoked from network); 10 Feb 2004 20:22:26 -0000
Received: from daedalus.apache.org (HELO mail.apache.org) (208.185.179.12)
  by minotaur-2.apache.org with SMTP; 10 Feb 2004 20:22:26 -0000
Received: (qmail 67681 invoked by uid 500); 10 Feb 2004 20:22:04 -0000
Delivered-To: apmail-incubator-geronimo-dev-archive@incubator.apache.org
Received: (qmail 67569 invoked by uid 500); 10 Feb 2004 20:22:03 -0000
Mailing-List: contact geronimo-dev-help@incubator.apache.org; run by ezmlm
Precedence: bulk
list-help: <mailto:geronimo-dev-help@incubator.apache.org>
list-unsubscribe: <mailto:geronimo-dev-unsubscribe@incubator.apache.org>
list-post: <mailto:geronimo-dev@incubator.apache.org>
Reply-To: geronimo-dev@incubator.apache.org
Delivered-To: mailing list geronimo-dev@incubator.apache.org
Received: (qmail 67539 invoked from network); 10 Feb 2004 20:22:03 -0000
Received: from unknown (HELO corb.mc.mpls.visi.com) (208.42.156.1)
  by daedalus.apache.org with SMTP; 10 Feb 2004 20:22:03 -0000
Received: from sweetums.wibdio.net (c-66-41-158-180.mn.client2.attbi.com
 [66.41.158.180])
	by corb.mc.mpls.visi.com (Postfix) with ESMTP id B71A0888C
	for <geronimo-dev@incubator.apache.org>;
 Tue, 10 Feb 2004 14:22:07 -0600 (CST)
Received: by sweetums.wibdio.net (Postfix, from userid 500)
	id D26C51577D4; Tue, 10 Feb 2004 14:22:15 -0500 (EST)
Date: Tue, 10 Feb 2004 14:22:15 -0500
From: david.blevins@visi.com
To: geronimo-dev@incubator.apache.org
Subject: Re: cvs commit:
 incubator-geronimo/modules/security/src/java/org/apache/geronimo/security
 ContextManager.java
Message-ID: <20040210192215.GA8983@sweetums.ce1.client2.attbi.com>
References: <20040210110627.12115.qmail@minotaur.apache.org>
 <402920AA.1060509@coredevelopers.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <402920AA.1060509@coredevelopers.net>
User-Agent: Mutt/1.4i
X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N
X-Spam-Rating: minotaur-2.apache.org 1.6.2 0/1000/N

On Tue, Feb 10, 2004 at 10:19:22AM -0800, Jeremy Boynes wrote:
> dblevins@apache.org wrote:
> 
> >dblevins    2004/02/10 03:06:27
> >
> >  Modified:    modules/security/src/java/org/apache/geronimo/security
> >                        ContextManager.java
> >  Log:
> >  Modified isCallerInRole and getCallerPrinciple to handle the situation
> >  where the caller is not known, as is the case when the security 
> >  interceptor
> >  is dissabled.
> >  
> 
> Hey David
> 
> I have concerns about disabling the security interceptor - isn't that 
> going to leave us wide open?

Just using your code:

        if (setSecurityInterceptor) {
            firstInterceptor = new EJBSecurityInterceptor(firstInterceptor, contextId, new PermissionManager(ejbName, vopFactory.getSignatures()));
        }

> 
> If we do it, can't we just replace it with a 'null' interceptor that 
> just injects a dummy principal. That way all the downstream code can 
> work as usual and we are less likely to break things like IIOP propagation.

Sounds like a plan.

> 
> --
> Jeremy

-- 
David