Loading...

XML

Word

Printable

Type: Task
Resolution: Unresolved
Priority: Major
Fix Version/s: None
Affects Version/s: None
Component/s: None
Labels:
None

Estimated Difficulty:
Medium

Spec 18.2.2:
"Since the timeout callback method is an internal method of the bean class, it has no client security context. When getCallerPrincipal is called from within the timeout callback method, it returns the container's representation of the unauthenticated identity."

Basically the ejbTimeout callback should have zero security checks (bypass auth, authorization, runas). This is in line with ejb2.

is related to

EJBTHREE-1891 ServiceContainer may not be popping the Principal

Resolved

EJBTHREE-1027 Timeout method gets called with an unspecified caller identity

Open

Assignee:: Anil Saldanha (Inactive)

Reporter:: Anil Saldanha (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Created:: 2007/08/23 1:19 AM

Updated:: 2009/08/18 7:08 AM

Details

Description

Attachments

Issue Links

Activity

People

Dates