[jboss-jira] [JBoss JIRA] (AS7-6476) missing-method-permissions-exclude-mode isn't available in AS7

jaikiran pai (JIRA) jira-events at lists.jboss.org
Mon Mar 25 04:38:42 EDT 2013


    [ https://issues.jboss.org/browse/AS7-6476?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12762859#comment-12762859 ] 

jaikiran pai commented on AS7-6476:
-----------------------------------

Our previous versions have by default been strict in this area and have defaulted to deny access. We wanted to continue with that behaviour, especially since this relates to security and an oversight shouldn't allow access to methods which weren't supposed to be allowed access. We decided that allowing the users to change this behaviour to permit all would be better instead of us doing it ourselves, since they would know more about the application than the container's assumptions.

                
> missing-method-permissions-exclude-mode isn't available in AS7
> --------------------------------------------------------------
>
>                 Key: AS7-6476
>                 URL: https://issues.jboss.org/browse/AS7-6476
>             Project: Application Server 7
>          Issue Type: Bug
>          Components: EJB
>    Affects Versions: 7.1.1.Final, 7.1.3.Final (EAP)
>            Reporter: jaikiran pai
>            Assignee: jaikiran pai
>            Priority: Blocker
>             Fix For: EAP 6.1.0.Alpha (7.2.0.Final)
>
>
> Previous versions of JBoss AS allowed users to configure a <missing-method-permissions-exclude-mode> element which would decide whether methods without any specific security configurations, on a secured bean, are allowed access or not.
> In AS7, we allow access to such methods and it behaves similarly to @PermitAll. We should allow users to have control over this.
> Related article http://anil-identity.blogspot.in/2010/02/tip-interpretation-of-missing-ejb.html
