Security lack with include component?

asked 2013-10-31 13:42:09 +0800

sensdb

updated 2013-10-31 13:44:10 +0800

Hi there,

I am using ZK 6 in my web app. As soon as I add some includes in my index.zul, my security policy starts going weird.


I use JBoss 7 and EJB 3 as the business architecture. In a session bean I have the session context injected, which I use to print out the user. This works fine, as the console prints

14:33:53,028 INFO [stdout] (http-- sa

when I am logged in as the user "sa", and it changes when I log in as another user.

But as soon as I have an include tag in my zul, I get the output

14:33:57,035 INFO [stdout] (Thread-70) sa

So... it's from a different thread. When I log out now and log in as another user ("oe" in this case), I get

14:37:18,643 INFO [stdout] (http-- oe

But as soon as I use any business method, I get the first user again...

14:37:18,807 INFO [stdout] (Thread-76) sa

This happens only with includes in it. What the hell is going on? Is there any attribute which can be set to avoid this?


1 Answer


answered 2013-11-04 07:54:31 +0800

sensdb

updated 2013-11-04 07:56:08 +0800

Hi again,

The included zul files start with window tags again, so they have their own ID space. If I use hbox instead of window, for instance, everything works fine again.

1st question: Is it possible to disable the space-owner property of window? 2nd question: Why do I get the error in my initial post? My web layer is secured by configuring web.xml like

    <web-resource-name>User Auth</web-resource-name>
    <realm-name>User Auth</realm-name>

Why do I get multiple security subjects in the web layer? Even worse: I get the subjects from any other user...
