1. glassfish
  2. GLASSFISH-20679

After returning from setupSecurityContext(), the container should check whether the CallerPrincipalCallback was handled


    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: not determined
    • Fix Version/s: future release
    • Component/s: jca
    • Labels:


      According to the section "Case A: Establishing a Single Principal as the Caller Identity" of the JCA 1.6 spec, if a resource adapter intends to establish an authenticated caller identity, and the principal Set of the executionSubject contains exactly one Principal, then setupSecurityContext() does not have to use the container-provided CallbackHandler to handle a CallerPrincipalCallback.

      In this case, the container must check whether or not it handled the CallerPrincipalCallback after returning from setupSecurityContext(). If it determines that it did not handle any Callbacks, the container must transform the contents of the executionSubject as if they had been handled through the Callbacks on behalf of the resource adapter.

      But according to the method setupSecurityWorkContext (shown below) of the class WorkContextHandlerImpl, GlassFish does not support Case A. If setupSecurityContext() does not call the CallbackHandler, GlassFish ignores the content of executionSubject and sets up an unauthenticated identity for the Work instance.

      private void setupSecurityWorkContext(SecurityContext securityWorkContext,
              WorkContextLifecycleListener listener, String raName)
              throws WorkCompletedException {
          try {
              Subject executionSubject = new Subject();
              Subject serviceSubject = new Subject();
              Map securityMap = getWorkContextMap(raName);
              CallbackHandler handler = new ConnectorCallbackHandler(executionSubject,
                      runtime.getCallbackHandler(), securityMap);
              securityWorkContext.setupSecurityContext(handler, executionSubject, serviceSubject);
              // Need to check here whether the CallbackHandler was called or not, for Case A.
              notifyContextSetupComplete(listener);
          } catch (Exception e) {
              ... ...
          }
      }
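One way the missing check could look, as an added example that is not GlassFish code: a hypothetical `TrackingCallbackHandler` wraps the container's handler, records whether a CallerPrincipalCallback was handled, and applies Case A after setupSecurityContext() returns. It assumes the JSR 196 callback API (`javax.security.auth.message.callback`) is on the classpath; the class and method names are illustrative.

```java
import java.io.IOException;
import java.security.Principal;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.message.callback.CallerPrincipalCallback;

// Hypothetical wrapper (not part of GlassFish): delegates to the container's
// handler and remembers whether a CallerPrincipalCallback went through it.
final class TrackingCallbackHandler implements CallbackHandler {
    private final CallbackHandler delegate;
    private boolean callerPrincipalHandled;

    TrackingCallbackHandler(CallbackHandler delegate) {
        this.delegate = delegate;
    }

    @Override
    public void handle(Callback[] callbacks)
            throws IOException, UnsupportedCallbackException {
        delegate.handle(callbacks); // the flag is set only if the delegate succeeds
        for (Callback cb : callbacks) {
            if (cb instanceof CallerPrincipalCallback) {
                callerPrincipalHandled = true;
            }
        }
    }

    // Call after setupSecurityContext() returns. If the resource adapter never
    // used the handler and the executionSubject holds exactly one Principal
    // (Case A), process that Principal as if the adapter had passed it in a
    // CallerPrincipalCallback. Returns true if a caller identity was established.
    boolean applyCaseAIfUnhandled(Subject executionSubject)
            throws IOException, UnsupportedCallbackException {
        if (callerPrincipalHandled) {
            return true;
        }
        Set<Principal> principals = executionSubject.getPrincipals();
        if (principals.size() != 1) {
            return false; // not Case A: do not guess which Principal is the caller
        }
        Principal caller = principals.iterator().next();
        handle(new Callback[] { new CallerPrincipalCallback(executionSubject, caller) });
        return true;
    }
}
```

In setupSecurityWorkContext, the ConnectorCallbackHandler would be wrapped in this class before being passed to setupSecurityContext(), and applyCaseAIfUnhandled(executionSubject) called before notifyContextSetupComplete(listener).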


