[jboss-jira] [JBoss JIRA] Commented: (EJBTHREE-1036) TimeOut method callback should bypass security as it has no security context

Anil Saldhana (JIRA) jira-events at lists.jboss.org
Thu Aug 23 01:31:18 EDT 2007


    [ http://jira.jboss.com/jira/browse/EJBTHREE-1036?page=comments#action_12373443 ] 
            
Anil Saldhana commented on EJBTHREE-1036:
-----------------------------------------

This is complete in the JBAS5 trunk version of EJB3. Please set the appropriate version and close this issue.

> TimeOut method callback should bypass security as it has no security context
> ----------------------------------------------------------------------------
>
>                 Key: EJBTHREE-1036
>                 URL: http://jira.jboss.com/jira/browse/EJBTHREE-1036
>             Project: EJB 3.0
>          Issue Type: Task
>            Reporter: Anil Saldhana
>         Assigned To: Anil Saldhana
>
> Spec 18.2.2:
> "Since the timeout callback method is an internal method of the bean class, it has no client security context. When getCallerPrincipal is called from within the timeout callback method, it returns the container's representation of the unauthenticated identity." 
> Basically the ejbTimeout callback should have zero security checks (bypass auth, authorization, runas).  This is in line with ejb2.
