Wrong exception RollesAllowed constraint is not fulfilled
---------------------------------------------------------
Key: AS7-2993
URL: https://issues.jboss.org/browse/AS7-2993
Project: Application Server 7
Issue Type: Bug
Components: EJB
Affects Versions: 7.1.0.Beta1b
Environment: If you have a SB with a method annotated with RolesAllowed({a,b,c})
and a SFSB which injects this bean. We also have a client which tries to access a method which
calls a restricted method on the injected bean. This client does not possess a security role
specified in RolesAllowed, so the call should be rejected with EJBAccessException.
However, what I get is NoSuchEJBException.
Notes:
- this doesn't happen if there is only one security role in RolesAllowed
- this doesn't happen if the bean is injected into a SLSB
- the NoSuchElement exception is thrown by
org.jboss.as.ejb3.component.stateful.StatefulComponentInstanceInterceptor:66; the snippet
follows:
    ROOT_LOGGER.debug("Looking for stateful component instance with session id: " + sessionId);
    StatefulSessionComponentInstance instance = component.getCache().get(sessionId);
    if (instance == null) {
        // This exception will be transformed into the correct exception type by the
        // exception transforming interceptor
        throw new NoSuchEJBException("Could not find SFSB " + component.getComponentName() + " with " + sessionId);
    }
- I'll provide a reproducer for this; it'll be available in my git repo
(https://github.com/jlanik/jboss-as), branch EJBSecurity
classes: InjectionAnnSFSBtoSFSBTestCase, InjectionAnnSLSBtoSFSBTestCase
you can also look at InjectionAnnSFSBtoSLSBTestCase and InjectionAnnSLSBtoSLSBTestCase (which
work ok)
I'll create a pull request with this and some other tests, so hopefully it'll be
accessible in the main jboss-as repo soon.
Reporter: Jan Lanik
Assignee: jaikiran pai
Fix For: 7.1.0.CR1