[jboss-jira] [JBoss JIRA] (WFLY-12794) Elytron/JACC: Inconsistent EjbMethodPermissions
Ulf Brosziewski (Jira)
issues at jboss.org
Thu Nov 14 12:08:00 EST 2019
Ulf Brosziewski created WFLY-12794:
--------------------------------------
Summary: Elytron/JACC: Inconsistent EjbMethodPermissions
Key: WFLY-12794
URL: https://issues.jboss.org/browse/WFLY-12794
Project: WildFly
Issue Type: Bug
Components: EJB, Security
Affects Versions: 18.0.0.Final
Reporter: Ulf Brosziewski
Assignee: Cheng Fang
Attachments: quickstart-ejb-sec.diff
When JACC is enabled in an elytron application domain, calling a secured ejb method that has an array parameter causes an EjbAccessException.
The reason for the failure is that the EjbMethodPermissions created by the EjbJaccConfigurator and the JaccInterceptor do not agree in the format of the type names for method parameters. According to the JACC specification and API documentation, names for array types should have the "canonical" form: component-type + "[]". The permission objects built by the JaccInterceptor conform to that, but the EjbJaccConfigurator builds them with type names obtained from a "MethodIdentifier", and these names have the internal format as returned by Class.getName().
--
This message was sent by Atlassian Jira
(v7.13.8#713008)
More information about the jboss-jira
mailing list