[ https://issues.jboss.org/browse/EJBTHREE-2274?page=com.atlassian.jira.plu... ]
arjan tijms updated EJBTHREE-2274:
----------------------------------
Attachment: EJBTHREE-2274.zip
Test application that demonstrates the problem. Format is an Eclipse/JBoss tools dynamic
web project.
Targeted run-time set to JBoss AS 6.x since it contains a necessary annotation, but as-is
the code is configured to run on JBoss AS 7.0.x. For JBoss AS 6 and GlassFish, small
changes in the code need to be made (see comments).
GetCallerPrincipal in timeout callback doesn't behave correctly
----------------------------------------------------------------
Key: EJBTHREE-2274
URL: https://issues.jboss.org/browse/EJBTHREE-2274
Project: EJB 3.0
Issue Type: Bug
Reporter: arjan tijms
Labels: exception, security, timer
Attachments: EJBTHREE-2274.zip
When {{getCallerPrincipal}} is called from within a timeout callback method, JBoss AS
either throws an exception or returns the unauthenticated identity, but with the roles of
the principal that scheduled the timer (if any).
Per section 18.2.5.3 of the EJB 3.1 specification this is not correct:
{quote}
Since a timeout callback method is an internal method of the bean class, it has no client
security context. When getCallerPrincipal is called from within a timeout callback method,
it returns the container's representation of the unauthenticated identity.
{quote}
EJBTHREE-1036 seems related.
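Added example (not part of the original report or its attached test application): a minimal EJB 3.1 probe bean for checking, on a given container, what the security context looks like inside a timeout callback. The class name TimerPrincipalProbe, the role "admin" and the one-second delay are assumptions, and container-specific security-domain configuration is left out.

```java
import java.security.Principal;
import java.util.logging.Logger;
import javax.annotation.Resource;
import javax.annotation.security.DeclareRoles;
import javax.annotation.security.RolesAllowed;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;
import javax.ejb.Timeout;
import javax.ejb.Timer;
import javax.ejb.TimerConfig;
import javax.ejb.TimerService;

// Hypothetical bean and role names; not taken from EJBTHREE-2274.zip.
@Stateless
@DeclareRoles("admin")
public class TimerPrincipalProbe {

    private static final Logger LOG = Logger.getLogger(TimerPrincipalProbe.class.getName());

    @Resource
    private SessionContext ctx;

    @Resource
    private TimerService timerService;

    // Called by an authenticated client; remembers who scheduled the timer.
    @RolesAllowed("admin")
    public void schedule() {
        String scheduler = ctx.getCallerPrincipal().getName();
        // Non-persistent single-action timer that fires after one second.
        timerService.createSingleActionTimer(1000, new TimerConfig(scheduler, false));
    }

    // Container-invoked: no client security context (EJB 3.1, section 18.2.5.3).
    @Timeout
    public void onTimeout(Timer timer) {
        String scheduler = (String) timer.getInfo();
        try {
            Principal caller = ctx.getCallerPrincipal();
            // Either flag being true means the scheduler's context reached the callback.
            boolean sameIdentity = scheduler.equals(caller.getName());
            boolean schedulerRole = ctx.isCallerInRole("admin");
            LOG.info("timeout principal=" + caller.getName()
                    + " sameIdentityAsScheduler=" + sameIdentity
                    + " hasSchedulerRole=" + schedulerRole);
        } catch (RuntimeException e) {
            // An exception here is one of the behaviours described in the report.
            LOG.severe("getCallerPrincipal failed in timeout callback: " + e);
        }
    }
}
```

Call schedule() as an authenticated user in the "admin" role and read the server log after the timer fires; the expected log line names the container's unauthenticated identity with both flags false.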