[jboss-jira] [JBoss JIRA] (WFLY-2486) EJBComponentDescription#isSecurityEnabled() is incorrect

Stuart Douglas (JIRA) jira-events at lists.jboss.org
Mon Nov 11 09:13:06 EST 2013 

     [ https://issues.jboss.org/browse/WFLY-2486?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Stuart Douglas updated WFLY-2486:
---------------------------------

    Description: This assumes that if the security domain is null, then the there is no security. This is incorrect, as there could be a default security domain. There could also be a security domain set, but not security annotations/metadata that is applicable to the bean. On the whole I think we should remove this method, as its use is problematic, and move any code that relies on it to org.jboss.as.ejb3.security.EJBSecurityViewConfigurator, so all the security stuff is setup in one place.  (was: This assumes that if the security domain is null, then the there is no security. This is incorrect, as there could be a default security domain. There could also be a security domain set, but not security annotations/metadata that is applicable to the bean. On the whole I think we should remove this method, as its use is problematic, and move any code that relies on it to org.jboss.as.ejb3.security.EJBSecurityViewConfigurator, so all the security stuff is setup in one place)

    
> EJBComponentDescription#isSecurityEnabled() is incorrect
> --------------------------------------------------------
>
>                 Key: WFLY-2486
>                 URL: https://issues.jboss.org/browse/WFLY-2486
>             Project: WildFly
>          Issue Type: Bug
>      Security Level: Public(Everyone can see) 
>          Components: EJB
>            Reporter: Stuart Douglas
>            Assignee: David Lloyd
>
> This assumes that if the security domain is null, then the there is no security. This is incorrect, as there could be a default security domain. There could also be a security domain set, but not security annotations/metadata that is applicable to the bean. On the whole I think we should remove this method, as its use is problematic, and move any code that relies on it to org.jboss.as.ejb3.security.EJBSecurityViewConfigurator, so all the security stuff is setup in one place.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-jira mailing list