javax.ejb.EJBAccessException does not contain information about what roles are required
anymore
-----------------------------------------------------------------------------------------------
Key: JBAS-7324
URL:
https://jira.jboss.org/jira/browse/JBAS-7324
Project: JBoss Application Server
Issue Type: Feature Request
Security Level: Public (Everyone can see)
Components: EJB3
Affects Versions: JBossAS-4.2.3.GA
Reporter: Marco Schulze
Assignee: Carlo de Wolf
The SecurityException thrown when accessing EJB2 beans without sufficient permissions
contained the information what roles exactly were required. The exception message
contained sth. like this: "requiredRoles=[org.nightlabs.jfire.store.seeProductType],
principalRoles=[_Guest_]"
This was an easily parseable text and we used it to show the user a nice error message
with detailed information about what rights he should request from his boss or his
administrator.
Unfortunately, after we switched to EJB3, the now thrown EJBAccessException does not
contain this information anymore. It simply says "Authorization failure" without
any details.
Please extend org.jboss.ejb3.security.RoleBasedAuthorizationInterceptor to pass the
required information (in a parseable form in the exception message).
Reference to our issue (with a stack trace and maybe other useful information):
https://www.jfire.org/modules/bugs/view.php?id=1292
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira