[jboss-jira] [JBoss JIRA] (AS7-2853) Calling getCallerPrincipal should not be permitted on lifecycle methods - on @PreDestroy is allowed
Carlo de Wolf (Commented) (JIRA)
jira-events at lists.jboss.org
Mon Dec 12 08:51:10 EST 2011
[ https://issues.jboss.org/browse/AS7-2853?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12649996#comment-12649996 ]
Carlo de Wolf commented on AS7-2853:
------------------------------------
This violates EJB 3.1 FR 17.6.5. If the security identity of the caller has not
been established, the container returns the container’s representation of the unauthenticated identity. The container must never return a null from the getCallerPrincipal method.
> Calling getCallerPrincipal should not be permitted on lifecycle methods - on @PreDestroy is allowed
> ---------------------------------------------------------------------------------------------------
>
> Key: AS7-2853
> URL: https://issues.jboss.org/browse/AS7-2853
> Project: Application Server 7
> Issue Type: Bug
> Reporter: Ondřej Chaloupka
> Assignee: Stuart Douglas
>
> Calling method on getCallerPrincipal should cause throwing IllegalStateException (EJB3.1 17.2.5) on lifecycle methods @PostConstruct, @PreDestroy but it returns anonymous identity role on @PreDestroy annotated method.
> Test could be found:
> https://github.com/ochaloup/jboss-as/blob/JBQA-5451-test-migration-getcallerprincipal/testsuite/integration/basic/src/test/java/org/jboss/as/test/integration/ejb/security/callerprincipal/SLSBLifecycleCallback.java
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list