[seam-issues] [JBoss JIRA] (SEAMSECURITY-110) Document that an implementation of the Authenticator interfaces must not be @Stateless
Jason Porter (Updated) (JIRA)
jira-events at lists.jboss.org
Thu Oct 20 18:15:47 EDT 2011
[ https://issues.jboss.org/browse/SEAMSECURITY-110?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jason Porter updated SEAMSECURITY-110:
--------------------------------------
Fix Version/s: 3.1.0.Beta4
(was: 3.1.0.CR1)
> Document that an implementation of the Authenticator interfaces must not be @Stateless
> --------------------------------------------------------------------------------------
>
> Key: SEAMSECURITY-110
> URL: https://issues.jboss.org/browse/SEAMSECURITY-110
> Project: Seam Security
> Issue Type: Feature Request
> Affects Versions: 3.1.0.Beta3
> Reporter: Jozef Hartinger
> Assignee: Shane Bryzak
> Priority: Blocker
> Fix For: 3.1.0.Beta4
>
>
> Document that an implementation of the Authenticator interface *must not* be @Stateless. It is not obvious from the documentation and can cause fatal bug in an application. The bug may not actually be reproducible in a development environment and only manifest itself in production, when the SLSB pool serves different instances for each invocation.
> Besides a note in the docs, I would suggest that seam-security validates this, e.g.:
> {noformat}
> public void validateAuthenticatorImplementation(@Observes ProcessSessionBean<Authenticator> event)
> {
> if (SessionBeanType.STATELESS.equals(event.getSessionBeanType()))
> {
> event.addDefinitionError(new IllegalStateException("Authenticator " + event.getBean().getClass() + " cannot be a Stateless Session Bean"));
> }
> }
> {noformat}
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the seam-issues
mailing list