]
jaikiran pai updated AS7-3154:
------------------------------
Fix Version/s: 7.1.0.Final
Affects Version/s: 7.1.0.CR1b
Component/s: EJB
Forum Reference:
GetCallerPrincipal in timeout callback doesn't behave correctly
----------------------------------------------------------------
Key: AS7-3154
URL:
https://issues.jboss.org/browse/AS7-3154
Project: Application Server 7
Issue Type: Bug
Components: EJB
Affects Versions: 7.1.0.CR1b
Reporter: arjan tijms
Labels: exception, security, timer
Fix For: 7.1.0.Final
Attachments: EJBTHREE-2274.zip
When {{getCallerPrincipal}} is called from within a timeout callback method, JBoss AS
either throws an exception or returns the unauthenticated identity, but with the roles of
the principal that scheduled the timer (if any).
Per section 18.2.5.3 of the EJB 3.1 specification this is not correct:
{quote}
Since a timeout callback method is an internal method of the bean class, it has no client
security context. When getCallerPrincipal is called from within a timeout callback method,
it returns the container's representation of the unauthenticated identity.
{quote}
EJBTHREE-1036 seems related.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: