[jboss-dev-forums] [Design of Security on JBoss] - Re: EJB getCallerPrincipal inconsistencies
wonnekeysers
do-not-reply at jboss.com
Mon Jul 31 04:21:41 EDT 2006
Yes, but in order to be completely compliant, I think the getCallerPrincipal() should simply return a SimplePrincipal("anonymous") or something when there is no security domain configured.
This is currently not the case in the EJB3 code, however the 2.1 code looks better?
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3961793#3961793
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3961793
More information about the jboss-dev-forums
mailing list