tomee-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jarek Gawor (JIRA)" <j...@apache.org>
Subject [jira] Updated: (OPENEJB-716) Security with LocalInitialContextFactory
Date Wed, 07 Nov 2007 18:26:51 GMT

     [ https://issues.apache.org/jira/browse/OPENEJB-716?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Jarek Gawor updated OPENEJB-716:
--------------------------------

    Attachment: OPENEJB-716.patch

A patch that addresses both issues. Added support for "openejb.authentication.realmName" property
and changed LocalInitialContextFactory not to cache the initial context. 

If there is a better way to do this, please let me know and I can resubmit another patch.


> Security with LocalInitialContextFactory
> ----------------------------------------
>
>                 Key: OPENEJB-716
>                 URL: https://issues.apache.org/jira/browse/OPENEJB-716
>             Project: OpenEJB
>          Issue Type: Bug
>          Components: security
>            Reporter: Jarek Gawor
>             Fix For: (trunk/openejb3)
>
>         Attachments: OPENEJB-716.patch
>
>
> We ran into two issues with LocalInitialContextFactory:
> 1) It does not support security realms like RemotelInitialContextFactory does.
> 2) Because LocalInitialContextFactory caches the InitialContext (context obtained from
org.apache.openejb.core.ivm.naming.InitContextFactory.getInitialContext()) the security authentication
is done only once per JVM instead of per access (or instance of LocalInitialContextFactory).
That means, that once a user uses LocalInitialContextFactory to access some EJB without security,
all other subsequent users of LocalInitialContextFactory will not be able to access EJBs with
security.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message