[jboss-jira] [JBoss JIRA] Created: (JBAS-5014) EJBMethodPermission implies should check for null methodname and methodSig==""
Anil Saldhana (JIRA)
jira-events at lists.jboss.org
Wed Nov 28 02:36:56 EST 2007
EJBMethodPermission implies should check for null methodname and methodSig==""
------------------------------------------------------------------------------
Key: JBAS-5014
URL: http://jira.jboss.com/jira/browse/JBAS-5014
Project: JBoss Application Server
Issue Type: Bug
Security Level: Public (Everyone can see)
Components: Security
Affects Versions: JBossAS-4.2.2.GA, JBossAS-5.0.0.Beta2
Reporter: Anil Saldhana
Assigned To: Scott M Stark
Fix For: JBossAS-5.0.0.Beta3, JBossAS-4.2.3.GA
Consider the following test:
==============
/**
* Test a Method Permission for all methods of an EJB
*/
public void testAllStarEJBMethodPermission()
{
EJBMethodPermission policyPerm = new EJBMethodPermission("ejbName",
null, null, new String[0]);
EJBMethodPermission userPerm = new EJBMethodPermission("ejbName",
"create", dummyInterface.class.getMethods()[0]);
EJBMethodPermission userPerm2 = new EJBMethodPermission("ejbName", "a", "LocalHome", new String[]{"java.lang.String"});
assertTrue(policyPerm.implies(userPerm));
assertTrue(policyPerm.implies(userPerm2));
}
========================================
The check for userPerm2 fails.
The permission in the Policy should check for "null" methodName (which implies "*") and also for the methodSignature to be "" (or String[0])
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list