[jboss-jira] [JBoss JIRA] Commented: (EJBTHREE-1478) SecurityContext is not available during stateful bean creation
Carlo de Wolf (JIRA)
jira-events at lists.jboss.org
Wed Sep 3 13:20:38 EDT 2008
[ https://jira.jboss.org/jira/browse/EJBTHREE-1478?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12428059#action_12428059 ]
Carlo de Wolf commented on EJBTHREE-1478:
-----------------------------------------
With the implementation of EJBTHREE-1482 this is no longer a critical issue. According to the spec (EJB 3.0 4.3.4) PostConstruct runs in an unspecified security context, so the unauthenticated principal is returned.
> SecurityContext is not available during stateful bean creation
> --------------------------------------------------------------
>
> Key: EJBTHREE-1478
> URL: https://jira.jboss.org/jira/browse/EJBTHREE-1478
> Project: EJB 3.0
> Issue Type: Bug
> Components: core, Security
> Reporter: Carlo de Wolf
> Assignee: Carlo de Wolf
> Priority: Critical
> Fix For: 1.0.0-Beta2
>
>
> Within the post construct of a stateful bean it's allowed to query the caller principal. Since stateful bean creation is taking place during JNDI lookup the authentication interceptor is not invoked anymore.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list