[jboss-jira] [JBoss JIRA] Created: (JBAS-7324) javax.ejb.EJBAccessException does not contain information about what roles are required anymore
Marco Schulze (JIRA)
jira-events at lists.jboss.org
Thu Oct 8 10:17:05 EDT 2009
javax.ejb.EJBAccessException does not contain information about what roles are required anymore
-----------------------------------------------------------------------------------------------
Key: JBAS-7324
URL: https://jira.jboss.org/jira/browse/JBAS-7324
Project: JBoss Application Server
Issue Type: Feature Request
Security Level: Public (Everyone can see)
Components: EJB3
Affects Versions: JBossAS-4.2.3.GA
Reporter: Marco Schulze
Assignee: Carlo de Wolf
The SecurityException thrown when accessing EJB2 beans without sufficient permissions contained the information what roles exactly were required. The exception message contained sth. like this: "requiredRoles=[org.nightlabs.jfire.store.seeProductType], principalRoles=[_Guest_]"
This was an easily parseable text and we used it to show the user a nice error message with detailed information about what rights he should request from his boss or his administrator.
Unfortunately, after we switched to EJB3, the now thrown EJBAccessException does not contain this information anymore. It simply says "Authorization failure" without any details.
Please extend org.jboss.ejb3.security.RoleBasedAuthorizationInterceptor to pass the required information (in a parseable form in the exception message).
Reference to our issue (with a stack trace and maybe other useful information): https://www.jfire.org/modules/bugs/view.php?id=1292
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list