From rickmcgu...@apache.org
Subject svn commit: r549523 - /geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/ServerSecurityInterceptor.java
Date Thu, 21 Jun 2007 15:58:01 GMT
Author: rickmcguire
Date: Thu Jun 21 08:58:00 2007
New Revision: 549523

URL: http://svn.apache.org/viewvc?view=rev&rev=549523
Log:
Fix security problems when authenticated and unauthenticated requests are mixed. 


Modified:
    geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/ServerSecurityInterceptor.java

Modified: geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/ServerSecurityInterceptor.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/ServerSecurityInterceptor.java?view=diff&rev=549523&r1=549522&r2=549523
==============================================================================
--- geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/ServerSecurityInterceptor.java
(original)
+++ geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/ServerSecurityInterceptor.java
Thu Jun 21 08:58:00 2007
@@ -97,7 +97,6 @@
                     contextId = contextBody.establish_msg().client_context_id;
 
                     identity = tssPolicy.check(SSLSessionManager.getSSLSession(ri.request_id()),
contextBody.establish_msg());
-
                     if (identity != null) {
                         ContextManager.registerSubject(identity);
                     }
@@ -163,6 +162,15 @@
 
             SubjectManager.setSubject(ri.request_id(), identity);
         }
+        else 
+        {
+            // if there's no identity given, make sure we clear this 
+            // to ensure that the default subject ends up getting used. 
+            ContextManager.clearCallers(); 
+            // and just to be on the safe side, make sure there's no 
+            // subject registered for this request. 
+            SubjectManager.clearSubject(ri.request_id());
+        }
     }
 
     public void receive_request_service_contexts(ServerRequestInfo ri) {
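Review bot: The Subject returned by `SubjectManager.clearSubject(ri.request_id())` in the new else branch is discarded, whereas send_exception and send_reply hand that return value to `ContextManager.unregisterSubject`; if a stale subject were still registered under this request id it would be dropped from SubjectManager but presumably stay registered in ContextManager. Unless clearCallers() is known to cover that case, `Subject stale = SubjectManager.clearSubject(ri.request_id()); if (stale != null) ContextManager.unregisterSubject(stale);` would keep the two cleanup paths consistent. The brace placement with `else` and `{` on separate lines also differs from the `if (identity != null) {` style used elsewhere in this file; `} else {` would match. The enclosing method begins before this hunk.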
@@ -171,7 +179,10 @@
 
     public void send_exception(ServerRequestInfo ri) {
         Subject identity = SubjectManager.clearSubject(ri.request_id());
-        if (identity != null) ContextManager.unregisterSubject(identity);
+        if (identity != null) {
+            ContextManager.unregisterSubject(identity);
+            ContextManager.clearCallers(); 
+        }
 
         insertServiceContext(ri);
 
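Review bot: The new four-line block in send_exception is repeated byte-for-byte in send_reply in the next hunk; both could call one private helper, say `releaseRequestSubject(ri);`, that clears the SubjectManager entry for the request id and, when a Subject was registered, unregisters it and clears callers, so the two cleanup paths cannot drift apart. Note that clearCallers() here runs only when an identity was registered; for the unauthenticated case the clearing is done by the else branch added in receive_request, which is worth stating in the helper's comment. send_exception's body continues past the end of this hunk.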
@@ -184,7 +195,10 @@
 
     public void send_reply(ServerRequestInfo ri) {
         Subject identity = SubjectManager.clearSubject(ri.request_id());
-        if (identity != null) ContextManager.unregisterSubject(identity);
+        if (identity != null) {
+            ContextManager.unregisterSubject(identity);
+            ContextManager.clearCallers(); 
+        }
 
         insertServiceContext(ri);
 


