Return-Path: Delivered-To: apmail-incubator-geronimo-dev-archive@www.apache.org Received: (qmail 63565 invoked from network); 26 May 2004 07:47:41 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur-2.apache.org with SMTP; 26 May 2004 07:47:41 -0000 Received: (qmail 87294 invoked by uid 500); 26 May 2004 07:48:15 -0000 Delivered-To: apmail-incubator-geronimo-dev-archive@incubator.apache.org Received: (qmail 87218 invoked by uid 500); 26 May 2004 07:48:15 -0000 Mailing-List: contact geronimo-dev-help@incubator.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: list-post: Reply-To: geronimo-dev@incubator.apache.org Delivered-To: mailing list geronimo-dev@incubator.apache.org Received: (qmail 87196 invoked by uid 98); 26 May 2004 07:48:14 -0000 Received: from jeremy@coredevelopers.net by hermes.apache.org by uid 82 with qmail-scanner-1.20 (clamuko: 0.70. Clear:RC:0(209.233.18.245):. Processed in 0.013126 secs); 26 May 2004 07:48:14 -0000 X-Qmail-Scanner-Mail-From: jeremy@coredevelopers.net via hermes.apache.org X-Qmail-Scanner: 1.20 (Clear:RC:0(209.233.18.245):. Processed in 0.013126 secs) Received: from unknown (HELO public.coredevelopers.net) (209.233.18.245) by hermes.apache.org with SMTP; 26 May 2004 07:48:14 -0000 Received: from coredevelopers.net (gateway [192.168.2.253]) by public.coredevelopers.net (Postfix on SuSE Linux 8.0 (i386)) with ESMTP id AA94426B92 for ; Wed, 26 May 2004 00:46:36 -0700 (PDT) Message-ID: <40B44B87.8090502@coredevelopers.net> Date: Wed, 26 May 2004 00:47:19 -0700 From: Jeremy Boynes User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6b) Gecko/20031205 Thunderbird/0.4 X-Accept-Language: en-us, en MIME-Version: 1.0 To: geronimo-dev@incubator.apache.org Subject: Re: AW: Changes to OpenEJB interceptor stack References: <003301c442ee$fafde750$7201a8c0@Tabletti> In-Reply-To: <003301c442ee$fafde750$7201a8c0@Tabletti> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Rating: hermes.apache.org 1.6.2 0/1000/N X-Spam-Rating: minotaur-2.apache.org 1.6.2 0/1000/N hbaxmann wrote: > IMHO this is not a security issue at first. > If one divide the "security" into authenfication, authorization and > auditing, then we have a iddentification issue here. The same problem will > at least arise if one tries to establish something what is called today AOP: > the 'turn-one-key-opens-all-doors' syndrome. > > I would vote for establishing an identity interceptor as the first in the > message flow. He is marking the call with the identity of the caller. So one > is able, even in threadlocal, to identifying who is in. > > absolutely wrong?? > If I understand you correctly, I think that is what we are doing, except we don't use an actual ThreadLocal, we associate the Subject with the thread's AccessControlContext. The question is where this should happen and how do we ensure it is done for all invocations including callbacks. -- Jeremy