[jboss-jira] [JBoss JIRA] (AS7-3154) GetCallerPrincipal in timeout callback doesn't behave correctly
jaikiran pai (Updated) (JIRA)
jira-events at lists.jboss.org
Mon Jan 2 02:20:09 EST 2012
[ https://issues.jboss.org/browse/AS7-3154?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
jaikiran pai updated AS7-3154:
------------------------------
Fix Version/s: 7.1.0.Final
Affects Version/s: 7.1.0.CR1b
Component/s: EJB
Forum Reference: http://community.jboss.org/message/638535#638535, http://community.jboss.org/thread/175405 (was: http://community.jboss.org/message/638535#638535, http://community.jboss.org/thread/175405)
> GetCallerPrincipal in timeout callback doesn't behave correctly
> ----------------------------------------------------------------
>
> Key: AS7-3154
> URL: https://issues.jboss.org/browse/AS7-3154
> Project: Application Server 7
> Issue Type: Bug
> Components: EJB
> Affects Versions: 7.1.0.CR1b
> Reporter: arjan tijms
> Labels: exception, security, timer
> Fix For: 7.1.0.Final
>
> Attachments: EJBTHREE-2274.zip
>
>
> When {{getCallerPrincipal}} is called from within a timeout callback method, JBoss AS either throws an exception or returns the unauthenticated identity, but with the roles of the principal that scheduled the timer (if any).
> Per section 18.2.5.3 of the EJB 3.1 specification this is not correct:
> {quote}
> Since a timeout callback method is an internal method of the bean class, it has no client security context. When getCallerPrincipal is called from within a timeout callback method, it returns the container's representation of the unauthenticated identity.
> {quote}
> EJBTHREE-1036 seems related.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list