EJBMethodPermission implies should check for null methodname and methodSig=="" ------------------------------------------------------------------------------ Key: JBAS-5014 URL: http://jira.jboss.com/jira/browse/JBAS-5014 Project: JBoss Application Server Issue Type: Bug Security Level: Public (Everyone can see) Components: Security Affects Versions: JBossAS-4.2.2.GA, JBossAS-5.0.0.Beta2 Reporter: Anil Saldhana Assigned To: Scott M Stark Fix For: JBossAS-5.0.0.Beta3, JBossAS-4.2.3.GA Consider the following test: ============== /** * Test a Method Permission for all methods of an EJB */ public void testAllStarEJBMethodPermission() { EJBMethodPermission policyPerm = new EJBMethodPermission("ejbName", null, null, new String[0]); EJBMethodPermission userPerm = new EJBMethodPermission("ejbName", "create", dummyInterface.class.getMethods()[0]); EJBMethodPermission userPerm2 = new EJBMethodPermission("ejbName", "a", "LocalHome", new String[]{"java.lang.String"}); assertTrue(policyPerm.implies(userPerm)); assertTrue(policyPerm.implies(userPerm2)); } ======================================== The check for userPerm2 fails. The permission in the Policy should check for "null" methodName (which implies "*") and also for the methodSignature to be "" (or String[0]) -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira