[jbossseam-issues] [JBoss JIRA] Commented: (JBSEAM-1902) Cannot use Seam EntitySecurityListener and MDBs
[
https://jira.jboss.org/jira/browse/JBSEAM-1902?page=com.atlassian.jira.pl...
]
Mike Pettypiece commented on JBSEAM-1902:
-----------------------------------------
This can be closed - there are a number of approaches that can be taken to overcome this
limitation without having to to update the Seam Framework itself:
1. Create your own Identity class that contains the behaviour documented in the patch
file attached to this issue
2. Use the Run As support (returning true from isSystemOperation()) to prevent the
permission checks from being enforced in the code.
Cannot use Seam EntitySecurityListener and MDBs
-----------------------------------------------
Key: JBSEAM-1902
URL: https://jira.jboss.org/jira/browse/JBSEAM-1902
Project: Seam
Issue Type: Bug
Components: Security
Affects Versions: 2.0.0.BETA1
Reporter: Mike Pettypiece
Assignee: Shane Bryzak
Fix For: The future
Attachments: Identity.patch
After turning on Seam's EntitySecurityListener, the follow exception occurs when
working with a @Restrict-annotated entity from a MDB.
java.lang.IllegalStateException: No active session context
at org.jboss.seam.security.Identity.instance(Identity.java:157)
at
org.jboss.seam.security.EntitySecurityListener.postLoad(EntitySecurityListener.java:26)
...
There obviously isn't a session context in this case.
Seam probably shouldn't check security permissions when there is no active session
context. As well it would be useful to be able to programatically turn off security on a
per-Identity basis. Please see the referenced Forum link for more details.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira