Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Done
Priority: Major
Fix Version/s: 7.1.0.Final
Affects Version/s: 7.1.0.CR1b
Component/s: EJB
Labels:
- exception
- security
- timer

Steps to Reproduce:

Hide

See forum reference

Show
See forum reference
Forum Reference:
http://community.jboss.org/message/638535#638535, http://community.jboss.org/thread/175405

Description

When getCallerPrincipal is called from within a timeout callback method, JBoss AS either throws an exception or returns the unauthenticated identity, but with the roles of the principal that scheduled the timer (if any).

Per section 18.2.5.3 of the EJB 3.1 specification this is not correct:

Since a timeout callback method is an internal method of the bean class, it has no client security context. When getCallerPrincipal is called from within a timeout callback method, it returns the container's representation of the unauthenticated identity.

EJBTHREE-1036 seems related.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

EJBTHREE-2274.zip
17 kB
2011/11/28 6:19 PM

Activity

People

Assignee:: Stuart Douglas

Reporter:: Arjan Tijms (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 2011/11/28 5:44 PM

Updated:: 2012/01/11 9:33 PM

Resolved:: 2012/01/11 9:33 PM