[GLASSFISH-20679] After returned from setupSecurityContext(), should check whether CallerPrincipalCallback is handled Created: 03/Jul/13  Updated: 11/Sep/14

Status: Open
Project: glassfish
Component/s: jca
Affects Version/s: not determined
Fix Version/s: future release

Type: Bug Priority: Major
Reporter: dapeng_hu Assignee: dapeng_hu
Resolution: Unresolved Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Tags: jca


According to the section "Case A: Establishing a Single Principal as the Caller Identity" of JCA1.6 Spec, if a resource adapter intends to establish an authenticated caller identity, and the principal Set of the executionSubject contains exactly the one Principal, then the setupSecurityContext() do not has to use the container provided CallbackHandler to handle a CallerPrincipalCallback.

In this case, the container must check whether or not it handled the CallerPrincipalCallback after returned from setupSecurityContext(). If it determines that it did not handle any Callbacks, the container must transform the contents of the executionSubject, as if they are handled through the Callbacks on behalf of the resource adapter.

But according to the method setupSecurityWorkContext (as below) of the class WorkContextHandlerImpl, GlassFish does not support the Case A. If setupSecurityContext() do not call CallbackHandler, GlassFish will ignore the content of executionSubject and setup up an unauthenticated identity for Work instance.

private void setupSecurityWorkContext(SecurityContext securityWorkContext,
WorkContextLifecycleListener listener, String raName)
throws WorkCompletedException{

{ Subject executionSubject = new Subject(); Subject serviceSubject = new Subject(); Map securityMap = getWorkContextMap(raName); CallbackHandler handler = new ConnectorCallbackHandler(executionSubject, runtime.getCallbackHandler(), securityMap); securityWorkContext.setupSecurityContext(handler, executionSubject, serviceSubject); // Need check whether the CallbackHandler is called or not here for Case A. notifyContextSetupComplete(listener); }

catch (Exception e)

{ ... ... }


Generated at Thu Aug 25 17:52:35 UTC 2016 using JIRA 6.2.3#6260-sha1:63ef1d6dac3f4f4d7db4c1effd405ba38ccdc558.