3645 sync user during login #5077
…o we can remove the user id from the login thread
Kyle - thanks for making these changes. I'd like Teddy to take a look at this and be the approver. It all looks fine to me, but I am not as familiar with the overall security code and I want to make sure that these changes are not going to break some other part of the security code. I'd also like to talk with you about the FAT tests since those would be delivered separately.
@@ -496,6 +505,17 @@ private void setSubjectAndCookies(HttpServletRequest req, HttpServletResponse re | |||
if (addSSOCookie) { | |||
ssoCookieHelper.addSSOCookiesToResponse(subject, req, resp); | |||
} | |||
try { | |||
Object loginToken = ThreadIdentityManager.setAppThreadIdentity(subject); | |||
WebSecurityContext webSecurityContext = (WebSecurityContext) SRTServletRequestUtils.getPrivateAttribute(req, "SECURITY_CONTEXT"); |
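Review bot: the token returned by ThreadIdentityManager.setAppThreadIdentity(subject) in the new try block needs a matching reset in a finally, and that finally is not visible in the lines shown; without it, an exception thrown between the set and the reset (for example from SRTServletRequestUtils.getPrivateAttribute) would leave the application identity on a pooled servlet thread for whatever request runs on it next. Please confirm the reset path covers every exit from the try, and replace the "SECURITY_CONTEXT" literal with the shared constant used elsewhere for that private attribute, as already raised in this thread.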
Seems there should be a constant here for the "SECURITY_CONTEXT" string
@@ -567,8 +576,10 @@ public Object preInvoke(HttpServletRequest req, HttpServletResponse resp, String | |||
performSecurityChecks(req, resp, receivedSubject, webSecurityContext); | |||
} | |||
|
|||
extraAuditData.put("HTTP_SERVLET_REQUEST", req); |
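Review bot: the review thread says the extraAuditData.put("HTTP_SERVLET_REQUEST", req) entry is being removed, which drops the request object from the audit data assembled after performSecurityChecks; that reduces what the audit record can report about the request and is not obviously part of the sync-to-thread change. If the removal is intentional, the commit message should say why and what the audit consumers use instead; otherwise the line should stay. The "HTTP_SERVLET_REQUEST" string is also a candidate for a shared constant.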
I was wondering why the extra audit data was deleted as this doesn't seem to have anything to do with the sync to thread changes, but then again I don't know much about these parts so maybe it was necessary =)
It looks good. Please address comments.
Two review threads on ...bcontainer.security/src/com/ibm/ws/webcontainer/security/WebAppSecurityCollaboratorImpl.java were marked outdated and resolved.
Fast-forwarding branch
…mercial liberty delivery
#build
Your personal build request is at https://wasrtc.hursley.ibm.com:9443/jazz/resource/itemOid/com.ibm.team.build.BuildResult/_x2opYPG4Eei52rYPrqOLXw Target locations of links might be accessible only to IBM employees.
#build
Your personal build request is at https://wasrtc.hursley.ibm.com:9443/jazz/resource/itemOid/com.ibm.team.build.BuildResult/_2dN2EPKAEei52rYPrqOLXw Target locations of links might be accessible only to IBM employees.
The build kberkos-public-5077-20181127-2120
#build
Your personal build request is at https://wasrtc.hursley.ibm.com:9443/jazz/resource/itemOid/com.ibm.team.build.BuildResult/_nJQmwPMjEei52rYPrqOLXw Target locations of links might be accessible only to IBM employees.
The build kberkos-public-5077-20181128-1648
#build
Your personal build request is at https://wasrtc.hursley.ibm.com:9443/jazz/resource/itemOid/com.ibm.team.build.BuildResult/_7hukgPS_Eei52rYPrqOLXw Target locations of links might be accessible only to IBM employees.
The build kberkos-public-5077-20181130-1826
The last build contained only previously-reported defects, or unrelated timing problems. I am approving the PR.
No description provided.