  1. Seam Security
  2. SEAMSECURITY-110

Document that an implementation of the Authenticator interfaces must not be @Stateless

    Details

    • Type: Feature Request
    • Status: Resolved
    • Priority: Blocker
    • Resolution: Done
    • Affects Version/s: 3.1.0.Beta3
    • Fix Version/s: 3.1.0.Beta4
    • Labels:
      None
    • Affects:
      Release Notes

      Description

      Document that an implementation of the Authenticator interface must not be @Stateless. It is not obvious from the documentation and can cause a fatal bug in an application. The bug may not actually be reproducible in a development environment and only manifest itself in production, when the SLSB pool serves different instances for each invocation.

      Besides a note in the docs, I would suggest that seam-security validates this, e.g.:

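          // Observer method; belongs in a CDI portable extension (a class implementing javax.enterprise.inject.spi.Extension)
          public void validateAuthenticatorImplementation(@Observes ProcessSessionBean<Authenticator> event)
          {
              if (SessionBeanType.STATELESS.equals(event.getSessionBeanType()))
              {
                  // getBeanClass() names the offending implementation; getClass() would name the container's Bean object
                  event.addDefinitionError(new IllegalStateException("Authenticator " + event.getBean().getBeanClass() + " cannot be a Stateless Session Bean"));
              }
          }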
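
Why the pooling matters, as an added illustration that is not part of the original issue or of Seam Security's code: a plain-Java simulation in which `PasswordAuthenticator`, `Pool` and `login` are hypothetical stand-ins, assuming the authenticator keeps its result in instance fields between invocations.

```java
import java.util.ArrayList;
import java.util.List;

// Added illustration: plain Java, no EJB container. All names are hypothetical stand-ins.
public class StatelessAuthenticatorDemo {
    enum Status { FAILURE, SUCCESS }

    // Assumption: authenticate() stores its outcome in fields that later calls read back.
    static class PasswordAuthenticator {
        private Status status = Status.FAILURE;
        private String user;

        void authenticate(String name, String password) {
            boolean ok = "s3cret".equals(password); // constructed credential check
            status = ok ? Status.SUCCESS : Status.FAILURE;
            user = ok ? name : null;
        }
        Status getStatus() { return status; }
        String getUser() { return user; }
    }

    // Stand-in for an SLSB pool: each invocation may be served by a different instance.
    static class Pool {
        private final List<PasswordAuthenticator> instances = new ArrayList<>();
        private int next;
        Pool(int size) {
            for (int i = 0; i < size; i++) instances.add(new PasswordAuthenticator());
        }
        PasswordAuthenticator any() { return instances.get(next++ % instances.size()); }
    }

    // The caller's view: one invocation to authenticate, a later one to read the result.
    static String login(Pool pool, String name, String password) {
        pool.any().authenticate(name, password);
        PasswordAuthenticator reader = pool.any(); // served by whichever instance is next
        return name + " -> " + reader.getStatus() + " as " + reader.getUser();
    }

    public static void main(String[] args) {
        Pool dev = new Pool(1);  // one instance: every call reaches the same state
        System.out.println(login(dev, "alice", "s3cret"));
        System.out.println(login(dev, "bob", "wrong"));

        Pool prod = new Pool(3); // several instances: reads land away from the write
        System.out.println(login(prod, "alice", "s3cret"));
        System.out.println(login(prod, "bob", "wrong"));
    }
}
```

With a pool of one the results look correct; with three instances the valid login reads back FAILURE and the rejected login reads back the earlier caller's SUCCESS.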
      

            Activity

            shane.bryzak Shane Bryzak added a comment -

            Docs and security extension updated, thanks Jozef.


              People

              • Assignee:
                shane.bryzak Shane Bryzak
                Reporter:
                jharting Jozef Hartinger
