[seam-issues] [JBoss JIRA] (SEAMSECURITY-110) Document that an implementation of the Authenticator interfaces must not be @Stateless
Jozef Hartinger (Created) (JIRA)
jira-events at lists.jboss.org
Fri Oct 7 12:02:16 EDT 2011
Document that an implementation of the Authenticator interfaces must not be @Stateless
--------------------------------------------------------------------------------------
Key: SEAMSECURITY-110
URL: https://issues.jboss.org/browse/SEAMSECURITY-110
Project: Seam Security
Issue Type: Feature Request
Affects Versions: 3.1.0.Beta3
Reporter: Jozef Hartinger
Priority: Blocker
Fix For: 3.1.0.CR1
Document that an implementation of the Authenticator interface *must not* be @Stateless. It is not obvious from the documentation and can cause fatal bug in an application. The bug may not actually be reproducible in a development environment and only manifest itself in production, when the SLSB pool serves different instances for each invocation.
Besides a note in the docs, I would suggest that seam-security validates this, e.g.:
{noformat}
public void validateAuthenticatorImplementation(@Observes ProcessSessionBean<Authenticator> event)
{
if (SessionBeanType.STATELESS.equals(event.getSessionBeanType()))
{
event.addDefinitionError(new IllegalStateException("Authenticator " + event.getBean().getClass() + " cannot be a Stateless Session Bean"));
}
}
{noformat}
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the seam-issues
mailing list