[jbossseam-issues] [JBoss JIRA] Commented: (JBSEAM-1902) Cannot use Seam EntitySecurityListener and MDBs

Mike Pettypiece (JIRA) jira-events at lists.jboss.org
Thu Sep 18 12:08:30 EDT 2008 

    [ https://jira.jboss.org/jira/browse/JBSEAM-1902?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12430241#action_12430241 ] 

Mike Pettypiece commented on JBSEAM-1902:
-----------------------------------------

This can be closed - there are a number of approaches that can be taken to overcome this limitation without having to to update the Seam Framework itself:

1.  Create your own Identity class that contains the behaviour documented in the patch file attached to this issue
2.  Use the Run As support (returning true from isSystemOperation()) to prevent the permission checks from being enforced in the code.

> Cannot use Seam EntitySecurityListener and MDBs
> -----------------------------------------------
>
>                 Key: JBSEAM-1902
>                 URL: https://jira.jboss.org/jira/browse/JBSEAM-1902
>             Project: Seam
>          Issue Type: Bug
>          Components: Security
>    Affects Versions: 2.0.0.BETA1
>            Reporter: Mike Pettypiece
>            Assignee: Shane Bryzak
>             Fix For: The future
>
>         Attachments: Identity.patch
>
>
> After turning on Seam's EntitySecurityListener, the follow exception occurs when working with a @Restrict-annotated entity from a MDB.
> java.lang.IllegalStateException: No active session context
> 	at org.jboss.seam.security.Identity.instance(Identity.java:157)
> 	at org.jboss.seam.security.EntitySecurityListener.postLoad(EntitySecurityListener.java:26)
> ...
> 	
> There obviously isn't a session context in this case.
> Seam probably shouldn't check security permissions when there is no active session context.  As well it would be useful to be able to programatically turn off security on a per-Identity basis.  Please see the referenced Forum link for more details.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the seam-issues mailing list