geronimo-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Jencks <david_jen...@yahoo.com>
Subject Re: Asking again: No registered context in security getCurrentContext() after apps run for two days.
Date Thu, 11 Oct 2007 00:56:14 GMT
I wonder if it would be appropriate to replace the expired context  
with something representing the "no one" identity?  then the ACE  
might occur naturally when "no one" can't do something but stuff that  
is actually allowed for an unauthenticated user would still work...   
so I think this would modify the timeout method rather than the code  
you are looking at.

haven't looked into it in detail yet.

thanks
david jencks

On Oct 10, 2007, at 4:08 PM, Scott Stanchfield wrote:

>
> Sorry -- forgot the code...
>
> Replace
>
>   assert context != null : "No registered context";
>
> with
>
>   if (context == null)
>     throw new AccessControlException("No registered context (may have
> expired)");
>
>
> Scott Stanchfield wrote:
>>
>> Suggested Fix
>>
>> Change getCurrentContext() to throw and AccessControlException when
>> context is null to prevent skipping of "after" processing in
>> BeforeAfterValve. All callers of getCurrentContext() already catch
>> AccessControlException and treat it as "not authorized".
>>
>
> -- 
> View this message in context: http://www.nabble.com/Asking-again%3A- 
> No-registered-context-in-security-getCurrentContext%28%29-after- 
> apps-run-for-two-days.-tf4193578s134.html#a13146591
> Sent from the Apache Geronimo - Users mailing list archive at  
> Nabble.com.
>


Mime
View raw message