geronimo-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Jencks <david_jen...@yahoo.com>
Subject Re: Genimo + Quartz = No Security Context
Date Fri, 04 Apr 2008 17:14:53 GMT

On Apr 4, 2008, at 9:05 AM, ApolloX wrote:

>
>
> Dan Becker wrote:
>>
>> Quick question. Are you running with Java 2 security enabled?
>> (-Djava.security.manager)? If so, what policies are you running with?
>>
>> There are some areas in Geronimo where security AccessControllers  
>> must
>> be added, so this could be an area where privileged code is run  
>> without
>> the proper control blocks (see
>> https://issues.apache.org/jira/browse/GERONIMO-3938).
>>
>
> No I'm not but adding that switch produces the error on startup  
> shown in the
> ticket issue.  Should I be running with the security manager?

no, g. won't work as you  have discovered through experiment.
>
> It seems like my system isn't configured for a default security  
> role in the
> event a thread tries to access the EJB layer without a user context.

exactly correct
>   Is
> there a way to configure the geronimo files to make such a context  
> available
> for quartz threads?

You could try setting up a default principal in the geronimo security  
configuration.  I'm not confident that will help.  IIRC I made it  
more likely there would be a suitable "no permissions" subject  
available in 2.x.

> In theory I could pass the initialization servlet's
> context at the time the threads are created, but it seems like that  
> would
> (and probably should) expire while the threads are sleeping.

Have you tried having the quartz task make a remote call to the ejb?   
That _should_ go through the code that sets up an appropriate  
security context for the thread.  If the default principal doesn't  
work this may be your best option in 1.x.

Hope we can get you onto 2.x soon :-)
thanks
david jencks

> -- 
> View this message in context: http://www.nabble.com/Genimo-%2B- 
> Quartz-%3D-No-Security-Context-tp16467530s134p16492621.html
> Sent from the Apache Geronimo - Users mailing list archive at  
> Nabble.com.
>


Mime
View raw message