[jboss-jira] [JBoss JIRA] Created: (EJBTHREE-1036) TimeOut method callback has no security context
Anil Saldhana (JIRA)
jira-events at lists.jboss.org
Thu Aug 23 01:21:18 EDT 2007
TimeOut method callback has no security context
-----------------------------------------------
Key: EJBTHREE-1036
URL: http://jira.jboss.com/jira/browse/EJBTHREE-1036
Project: EJB 3.0
Issue Type: Task
Reporter: Anil Saldhana
Assigned To: Anil Saldhana
Spec 18.2.2:
"Since the timeout callback method is an internal method of the bean class, it has no client security context. When getCallerPrincipal is called from within the timeout callback method, it returns the container's representation of the unauthenticated identity."
Basically the ejbTimeout callback should have zero security checks (bypass auth, authorization, runas). This is in line with ejb2.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list