[jboss-jira] [JBoss JIRA] (WFLY-2486) EJBComponentDescription#isSecurityEnabled() is incorrect
Stuart Douglas (JIRA)
jira-events at lists.jboss.org
Mon Nov 11 09:13:06 EST 2013
[ https://issues.jboss.org/browse/WFLY-2486?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Stuart Douglas updated WFLY-2486:
---------------------------------
Description: This assumes that if the security domain is null, then the there is no security. This is incorrect, as there could be a default security domain. There could also be a security domain set, but not security annotations/metadata that is applicable to the bean. On the whole I think we should remove this method, as its use is problematic, and move any code that relies on it to org.jboss.as.ejb3.security.EJBSecurityViewConfigurator, so all the security stuff is setup in one place. (was: This assumes that if the security domain is null, then the there is no security. This is incorrect, as there could be a default security domain. There could also be a security domain set, but not security annotations/metadata that is applicable to the bean. On the whole I think we should remove this method, as its use is problematic, and move any code that relies on it to org.jboss.as.ejb3.security.EJBSecurityViewConfigurator, so all the security stuff is setup in one place)
> EJBComponentDescription#isSecurityEnabled() is incorrect
> --------------------------------------------------------
>
> Key: WFLY-2486
> URL: https://issues.jboss.org/browse/WFLY-2486
> Project: WildFly
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: EJB
> Reporter: Stuart Douglas
> Assignee: David Lloyd
>
> This assumes that if the security domain is null, then the there is no security. This is incorrect, as there could be a default security domain. There could also be a security domain set, but not security annotations/metadata that is applicable to the bean. On the whole I think we should remove this method, as its use is problematic, and move any code that relies on it to org.jboss.as.ejb3.security.EJBSecurityViewConfigurator, so all the security stuff is setup in one place.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list