[seam-issues] [JBoss JIRA] (SEAMSECURITY-110) Document that an implementation of the Authenticator interfaces must not be @Stateless

Shane Bryzak (Resolved) (JIRA) jira-events at lists.jboss.org
Tue Oct 11 02:24:17 EDT 2011 

     [ https://issues.jboss.org/browse/SEAMSECURITY-110?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Shane Bryzak resolved SEAMSECURITY-110.
---------------------------------------

      Assignee: Shane Bryzak
    Resolution: Done


Docs and security extension updated, thanks Jozef.
                
> Document that an implementation of the Authenticator interfaces must not be @Stateless
> --------------------------------------------------------------------------------------
>
>                 Key: SEAMSECURITY-110
>                 URL: https://issues.jboss.org/browse/SEAMSECURITY-110
>             Project: Seam Security
>          Issue Type: Feature Request
>    Affects Versions: 3.1.0.Beta3
>            Reporter: Jozef Hartinger
>            Assignee: Shane Bryzak
>            Priority: Blocker
>             Fix For: 3.1.0.CR1
>
>
> Document that an implementation of the Authenticator interface *must not* be @Stateless. It is not obvious from the documentation and can cause fatal bug in an application. The bug may not actually be reproducible in a development environment and only manifest itself in production, when the SLSB pool serves different instances for each invocation.
> Besides a note in the docs, I would suggest that seam-security validates this, e.g.:
> {noformat}
>     public void validateAuthenticatorImplementation(@Observes ProcessSessionBean<Authenticator> event)
>     {
>         if (SessionBeanType.STATELESS.equals(event.getSessionBeanType()))
>         {
>             event.addDefinitionError(new IllegalStateException("Authenticator " + event.getBean().getClass() + " cannot be a Stateless Session Bean"));
>         }
>     }
> {noformat}

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the seam-issues mailing list