[jbossseam-issues] [JBoss JIRA] Commented: (JBSEAM-1902) Cannot use Seam EntitySecurityListener and MDBs

[Kahli Burke (JIRA)]

    [ http://jira.jboss.com/jira/browse/JBSEAM-1902?page=comments#action_12388741 ] 
            
Kahli Burke commented on JBSEAM-1902:
-------------------------------------

I added some comments in the forum post about similar issues with respect to asynchronous calls, I think the EntitySecurityListener needs to check for some additional cases where checking permissions won't function properly.

> Cannot use Seam EntitySecurityListener and MDBs
> -----------------------------------------------
>
>                 Key: JBSEAM-1902
>                 URL: http://jira.jboss.com/jira/browse/JBSEAM-1902
>             Project: JBoss Seam
>          Issue Type: Bug
>          Components: Security
>    Affects Versions: 2.0.0.BETA1
>            Reporter: Mike Pettypiece
>         Assigned To: Shane Bryzak
>         Attachments: Identity.patch
>
>
> After turning on Seam's EntitySecurityListener, the follow exception occurs when working with a @Restrict-annotated entity from a MDB.
> java.lang.IllegalStateException: No active session context
> 	at org.jboss.seam.security.Identity.instance(Identity.java:157)
> 	at org.jboss.seam.security.EntitySecurityListener.postLoad(EntitySecurityListener.java:26)
> ...
> 	
> There obviously isn't a session context in this case.
> Seam probably shouldn't check security permissions when there is no active session context.  As well it would be useful to be able to programatically turn off security on a per-Identity basis.  Please see the referenced Forum link for more details.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira