[jboss-jira] [JBoss JIRA] Commented: (EJBTHREE-1995) Invoking SessionContext.getCallerPrincipal inside @Init method of SFSB should return correct principal

Carlo de Wolf (JIRA) jira-events at lists.jboss.org
Fri Feb 5 04:17:25 EST 2010 

    [ https://jira.jboss.org/jira/browse/EJBTHREE-1995?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12510570#action_12510570 ] 

Carlo de Wolf commented on EJBTHREE-1995:
-----------------------------------------

For the moment the init-method will be invoked through an interceptor stack called HomeCallbackStack. This is a temporary measure as the real fix should be establishing a security context when the remote call is accepted.

If there is no HomeCallbackStack defined an IllegalStateException will be thrown.

The stack should be defined within 'Base Stateful Bean' domain definition as such:
   <domain name="Base Stateful Bean" extends="Intercepted Bean" inheritBindings="true">
      <!-- EJBTHREE-1995: establish a security context during init -->
      <stack name="HomeCallbackStack">
         <interceptor-ref name="org.jboss.aspects.currentinvocation.CurrentInvocationInterceptor"/>
         <!-- advice name="setup" aspect="InvocationContextInterceptor"/ -->
         <interceptor-ref name="org.jboss.ejb3.security.AuthenticationInterceptorFactory"/>
         <interceptor-ref name="org.jboss.ejb3.stateful.StatefulInstanceInterceptor"/>
      </stack>
      ...
   </domain>

> Invoking SessionContext.getCallerPrincipal inside @Init method of SFSB should return correct principal
> ------------------------------------------------------------------------------------------------------
>
>                 Key: EJBTHREE-1995
>                 URL: https://jira.jboss.org/jira/browse/EJBTHREE-1995
>             Project: EJB 3.0
>          Issue Type: Bug
>          Components: ejb3
>    Affects Versions: 1.1.22
>            Reporter: Marcus Moyses
>            Assignee: Carlo de Wolf
>
> In EAP 4.x, this scenario throws "IllegalStateException: No valid security context for the caller identity" and in EAP 5 it throws "llegalStateException: getCallerPrincipal not allowed during injection (EJB3 4.4.1 & 4.5.2)"

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-jira mailing list