GLASSFISH-20679

After returning from setupSecurityContext(), should check whether CallerPrincipalCallback is handled

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: not determined
    • Fix Version/s: future release
    • Component/s: jca
    • Labels: None

      Description

      According to section 16.4.5.1 "Case A: Establishing a Single Principal as the Caller Identity" of the JCA 1.6 Spec, if a resource adapter intends to establish an authenticated caller identity, and the principal Set of the executionSubject contains exactly one Principal, then setupSecurityContext() does not have to use the container-provided CallbackHandler to handle a CallerPrincipalCallback.

      In this case, the container must check whether or not it handled the CallerPrincipalCallback after returning from setupSecurityContext(). If it determines that it did not handle any Callbacks, the container must transform the contents of the executionSubject, as if they were handled through the Callbacks on behalf of the resource adapter.

      But according to the method setupSecurityWorkContext (shown below) of the class WorkContextHandlerImpl, GlassFish does not support Case A. If setupSecurityContext() does not call the CallbackHandler, GlassFish will ignore the content of executionSubject and set up an unauthenticated identity for the Work instance.

      private void setupSecurityWorkContext(SecurityContext securityWorkContext,
              WorkContextLifecycleListener listener, String raName)
              throws WorkCompletedException {
          try {
              Subject executionSubject = new Subject();
              Subject serviceSubject = new Subject();
              Map securityMap = getWorkContextMap(raName);
              CallbackHandler handler = new ConnectorCallbackHandler(executionSubject,
                      runtime.getCallbackHandler(), securityMap);
              securityWorkContext.setupSecurityContext(handler, executionSubject, serviceSubject);
              // Need to check whether the CallbackHandler is called or not here for Case A.
              notifyContextSetupComplete(listener);
          } catch (Exception e) {
              ... ...
          }
      }
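
A sketch of the missing check, added here as an illustration and not taken from the issue or from GlassFish: the container wraps its handler so it can tell, after setupSecurityContext() returns, whether the adapter used callbacks at all. `AdapterSetup`, `TrackingHandler` and `resolveCaseA` are hypothetical names, `AdapterSetup` stands in for the adapter's `SecurityContext`, and only JDK classes are used so the example runs without the connector API.

```java
import java.security.Principal;
import java.util.Optional;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.x500.X500Principal;

public class CaseACheck {
    // Hypothetical stand-in for the resource adapter's setupSecurityContext().
    interface AdapterSetup {
        void setup(CallbackHandler h, Subject executionSubject, Subject serviceSubject) throws Exception;
    }

    // Wraps the container's handler and records whether the adapter ever invoked it.
    static final class TrackingHandler implements CallbackHandler {
        private final CallbackHandler delegate;
        private boolean invoked;
        TrackingHandler(CallbackHandler delegate) { this.delegate = delegate; }
        @Override
        public void handle(Callback[] callbacks)
                throws java.io.IOException, UnsupportedCallbackException {
            invoked = true;
            delegate.handle(callbacks);
        }
        boolean wasInvoked() { return invoked; }
    }

    // Returns the Principal the container should establish as the caller when the adapter
    // took the Case A path: no callbacks handled and exactly one Principal in the subject.
    static Optional<Principal> resolveCaseA(AdapterSetup adapter, CallbackHandler containerHandler)
            throws Exception {
        Subject executionSubject = new Subject();
        TrackingHandler handler = new TrackingHandler(containerHandler);
        adapter.setup(handler, executionSubject, new Subject());
        Set<Principal> principals = executionSubject.getPrincipals();
        if (!handler.wasInvoked() && principals.size() == 1) {
            return Optional.of(principals.iterator().next());
        }
        return Optional.empty(); // callbacks were used, or this is not the single-Principal case
    }

    public static void main(String[] args) throws Exception {
        CallbackHandler container = cbs -> { /* the container's real handler would process these */ };
        // Constructed adapter 1: populates the subject directly and never calls the handler.
        AdapterSetup caseA = (h, exec, svc) -> exec.getPrincipals().add(new X500Principal("CN=alice"));
        // Constructed adapter 2: goes through the container's CallbackHandler instead.
        AdapterSetup viaCallbacks = (h, exec, svc) -> h.handle(new Callback[] { new NameCallback("caller") });
        System.out.println("direct subject: " + resolveCaseA(caseA, container));
        System.out.println("via callbacks:  " + resolveCaseA(viaCallbacks, container));
    }
}
```

In a container, the Principal returned for the first adapter is the one that would then be processed as if the adapter had passed it in a CallerPrincipalCallback, instead of the Work instance falling through to an unauthenticated identity.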

        Activity

        There are no comments yet on this issue.

          People

          • Assignee: dapeng_hu
          • Reporter: dapeng_hu
          • Votes: 0
          • Watchers: 0
