3645 sync user during login #5077
Conversation
Code analysis and actionsDO NOT DELETE THIS COMMENT.
|
kberkos-public
added
release bug
…o we can remove the user id from the login thread
There was a problem hiding this comment.
Kyle - thanks for making these changes. I'd like Teddy to take a look at this and be the approver. It all looks fine to me, but I am not as familiar with the overall security code and I want to make sure that these changes are not going to break some other part of the security code. I'd also like to talk with you about the FAT tests since those would be delivered separately.
| @@ -496,6 +505,17 @@ private void setSubjectAndCookies(HttpServletRequest req, HttpServletResponse re | |||
| if (addSSOCookie) { | |||
| ssoCookieHelper.addSSOCookiesToResponse(subject, req, resp); | |||
| } | |||
| try { | |||
| Object loginToken = ThreadIdentityManager.setAppThreadIdentity(subject); | |||
| WebSecurityContext webSecurityContext = (WebSecurityContext) SRTServletRequestUtils.getPrivateAttribute(req, "SECURITY_CONTEXT"); | |||
There was a problem hiding this comment.
Seems there should be a constant here for the "SECURITY_CONTEXT" string
| @@ -567,8 +576,10 @@ public Object preInvoke(HttpServletRequest req, HttpServletResponse resp, String | |||
| performSecurityChecks(req, resp, receivedSubject, webSecurityContext); | |||
| } | |||
|
|
|||
| extraAuditData.put("HTTP_SERVLET_REQUEST", req); | |||
There was a problem hiding this comment.
I was wondering why the extra audit data was deleted as this doesn't seem to have anything to do with the sync to thread changes, but then again I don't know much about these parts so maybe it was necessary =)
...bcontainer.security/src/com/ibm/ws/webcontainer/security/WebAppSecurityCollaboratorImpl.java
Outdated
Show resolved
Hide resolved
...bcontainer.security/src/com/ibm/ws/webcontainer/security/WebAppSecurityCollaboratorImpl.java
Outdated
Show resolved
Hide resolved
Fast-forwarding branch
…mercial liberty delivery
|
#build |
|
Your personal build request is at https://wasrtc.hursley.ibm.com:9443/jazz/resource/itemOid/com.ibm.team.build.BuildResult/_x2opYPG4Eei52rYPrqOLXw Target locations of links might be accessible only to IBM employees. |
|
#build |
|
Your personal build request is at https://wasrtc.hursley.ibm.com:9443/jazz/resource/itemOid/com.ibm.team.build.BuildResult/_2dN2EPKAEei52rYPrqOLXw Target locations of links might be accessible only to IBM employees. |
|
The build kberkos-public-5077-20181127-2120 |
|
#build |
|
Your personal build request is at https://wasrtc.hursley.ibm.com:9443/jazz/resource/itemOid/com.ibm.team.build.BuildResult/_nJQmwPMjEei52rYPrqOLXw Target locations of links might be accessible only to IBM employees. |
|
The build kberkos-public-5077-20181128-1648 |
|
#build |
|
Your personal build request is at https://wasrtc.hursley.ibm.com:9443/jazz/resource/itemOid/com.ibm.team.build.BuildResult/_7hukgPS_Eei52rYPrqOLXw Target locations of links might be accessible only to IBM employees. |
|
The build kberkos-public-5077-20181130-1826 |
No description provided.