[jboss-jira] [JBoss JIRA] (EJBTHREE-2274) GetCallerPrincipal in timeout callback doesn't behave correctly
arjan tijms (Updated) (JIRA)
jira-events at lists.jboss.org
Mon Nov 28 18:20:40 EST 2011
[ https://issues.jboss.org/browse/EJBTHREE-2274?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
arjan tijms updated EJBTHREE-2274:
----------------------------------
Attachment: EJBTHREE-2274.zip
Test application that demonstrates the problem. Format is an Eclipse/JBoss tools dynamic web project.
Targeted run-time set to JBoss AS 6.x since it contains a necessary annotation, but as-is the code is configured to run on JBoss AS 7.0.x. For JBoss AS 6 and Glassfish small changes in the code need to be made (see comments).
> GetCallerPrincipal in timeout callback doesn't behave correctly
> ----------------------------------------------------------------
>
> Key: EJBTHREE-2274
> URL: https://issues.jboss.org/browse/EJBTHREE-2274
> Project: EJB 3.0
> Issue Type: Bug
> Reporter: arjan tijms
> Labels: exception, security, timer
> Attachments: EJBTHREE-2274.zip
>
>
> When {{getCallerPrincipal}} is called from within a timeout callback method, JBoss AS either throws an exception or returns the unauthenticated identity, but with the roles of the principal that scheduled the timer (if any).
> Per section 18.2.5.3 of the EJB 3.1 specification this is not correct:
> {quote}
> Since a timeout callback method is an internal method of the bean class, it has no client security context. When getCallerPrincipal is called from within a timeout callback method, it returns the container's representation of the unauthenticated identity.
> {quote}
> EJBTHREE-1036 seems related.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list