[jboss-jira] [JBoss JIRA] Assigned: (EJBTHREE-1027) Timeout method gets called with an unspecified caller identity
William DeCoste (JIRA)
jira-events at lists.jboss.org
Thu Sep 27 15:18:41 EDT 2007
[ http://jira.jboss.com/jira/browse/EJBTHREE-1027?page=all ]
William DeCoste reassigned EJBTHREE-1027:
-----------------------------------------
Assignee: William DeCoste
> Timeout method gets called with an unspecified caller identity
> --------------------------------------------------------------
>
> Key: EJBTHREE-1027
> URL: http://jira.jboss.com/jira/browse/EJBTHREE-1027
> Project: EJB 3.0
> Issue Type: Bug
> Components: Security
> Affects Versions: AS 4.2.1.GA
> Reporter: Carlo de Wolf
> Assigned To: William DeCoste
>
> Having a secured bean with a timeout method with @PermitAll, but without an unauthenticatedIdentity will lead to a 'random' identity being used to call the method or no identity at all. The last one leads to EJBAccessExceptions.
> Spec 18.2.2:
> "Since the timeout callback method is an internal method of the bean class, it has no client security context. When getCallerPrincipal is called from within the timeout callback method, it returns the container's representation of the unauthenticated identity."
> We must disallow all calls to a timeout method if unauthenticatedIdentity is not set.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list