[jboss-jira] [JBoss JIRA] Updated: (JBAS-7324) javax.ejb.EJBAccessException does not contain information about what roles are required anymore

Marco Schulze (JIRA) jira-events at lists.jboss.org
Thu Oct 8 10:25:06 EDT 2009 

     [ https://jira.jboss.org/jira/browse/JBAS-7324?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Marco Schulze updated JBAS-7324:
--------------------------------

    Component/s: Security


> javax.ejb.EJBAccessException does not contain information about what roles are required anymore
> -----------------------------------------------------------------------------------------------
>
>                 Key: JBAS-7324
>                 URL: https://jira.jboss.org/jira/browse/JBAS-7324
>             Project: JBoss Application Server
>          Issue Type: Feature Request
>      Security Level: Public(Everyone can see) 
>          Components: EJB3, Security
>    Affects Versions: JBossAS-4.2.3.GA
>            Reporter: Marco Schulze
>            Assignee: Carlo de Wolf
>
> The SecurityException thrown when accessing EJB2 beans without sufficient permissions contained the information what roles exactly were required. The exception message contained sth. like this: "requiredRoles=[org.nightlabs.jfire.store.seeProductType], principalRoles=[_Guest_]"
> This was an easily parseable text and we used it to show the user a nice error message with detailed information about what rights he should request from his boss or his administrator.
> Unfortunately, after we switched to EJB3, the now thrown EJBAccessException does not contain this information anymore. It simply says "Authorization failure" without any details.
> Please extend org.jboss.ejb3.security.RoleBasedAuthorizationInterceptor to pass the required information (in a parseable form in the exception message).
> Reference to our issue (with a stack trace and maybe other useful information): https://www.jfire.org/modules/bugs/view.php?id=1292

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-jira mailing list