[jboss-jira] [JBoss JIRA] (WFLY-2654) The run-as identity does NOT apply to the timeout callback method of an enterprise bean
Matus Abaffy (JIRA)
issues at jboss.org
Fri Dec 13 14:38:32 EST 2013
Matus Abaffy created WFLY-2654:
----------------------------------
Summary: The run-as identity does NOT apply to the timeout callback method of an enterprise bean
Key: WFLY-2654
URL: https://issues.jboss.org/browse/WFLY-2654
Project: WildFly
Issue Type: Bug
Security Level: Public (Everyone can see)
Components: EJB, Security
Affects Versions: 8.0.0.Beta1
Reporter: Matus Abaffy
Assignee: Stuart Douglas
EJB 3.2 spec., 12.3.4.1 Run-as:
bq. The run-as identity applies ... to the timeout callback methods of an enterprise bean;
Assume the following classes:
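{code}
import javax.annotation.security.RunAs;
import javax.ejb.EJB;
import javax.ejb.Stateless;
import javax.ejb.Timeout;
import javax.ejb.Timer;

@Stateless
@RunAs("alarm")
public class Alarm {
    @EJB
    private Bell bell;

    // some more logic

    @Timeout
    public void ejbTimeout(Timer timer) {
        bell.ring();
    }
}
{code}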
{code}
import javax.annotation.security.RolesAllowed;
import javax.ejb.Stateless;

@Stateless
@RolesAllowed("alarm")
public class Bell {
    public void ring() {}
}
{code}
When the Alarm's timeout callback method is invoked due to timer expiration, bell.ring(); results in
{code}
ERROR [org.jboss.as.ejb3.invocation] (EJB default - 1) JBAS014134: EJB Invocation failed on component Bell for method public void org.jboss.as.test.integration.ejb.security.timeout.Bell.ring(): javax.ejb.EJBAccessException: JBAS014502: Invocation on method: public void org.jboss.as.test.integration.ejb.security.timeout.Bell.ring() of bean: Bell is not allowed
{code}
Calling bell.ring(); from Alarm's business methods works as expected (no error).
Simple test case available at: https://github.com/bafco/wildfly/tree/timeoutSecurity
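A probe bean that turns the behaviour reported above into a boolean a test or health check can assert on. This is an added example, not the reporter's test case or WildFly code: AlarmProbe, startProbe and awaitResult are hypothetical names, and it assumes deployment next to the Bell class above with EJB security enabled.

```java
// Added example: AlarmProbe, startProbe and awaitResult are hypothetical names.
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.TimeUnit;
import javax.annotation.Resource;
import javax.annotation.security.RunAs;
import javax.ejb.*;

@Singleton
@RunAs("alarm")
@ConcurrencyManagement(ConcurrencyManagementType.BEAN) // awaitResult must not block onTimeout
public class AlarmProbe {
    @EJB
    private Bell bell; // the @RolesAllowed("alarm") bean from the report
    @Resource
    private TimerService timerService;

    private volatile CountDownLatch done = new CountDownLatch(1);
    private volatile boolean ringAllowed;

    /** Business method: schedules a non-persistent single-action timer. */
    public void startProbe() {
        done = new CountDownLatch(1);
        ringAllowed = false;
        timerService.createSingleActionTimer(100, new TimerConfig("run-as probe", false));
    }

    /** Timeout callback: per EJB 3.2, 12.3.4.1 the call below should run as "alarm". */
    @Timeout
    @TransactionAttribute(TransactionAttributeType.NOT_SUPPORTED) // no timer retry on rollback
    public void onTimeout(Timer timer) {
        try {
            bell.ring();
            ringAllowed = true;
        } catch (EJBAccessException e) {
            ringAllowed = false; // run-as identity was not applied to the callback
        } finally {
            done.countDown();
        }
    }

    /** True only if the timeout callback ran in time and Bell.ring() was permitted. */
    public boolean awaitResult(long timeoutSeconds) throws InterruptedException {
        return done.await(timeoutSeconds, TimeUnit.SECONDS) && ringAllowed;
    }
}
```

A caller invokes startProbe() and then awaitResult(...); a false result means either the timer never fired within the wait or the call to Bell.ring() was denied.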