tomee-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Andy Gumbrecht (JIRA)" <j...@apache.org>
Subject [jira] [Created] (OPENEJB-2046) @Asynchronous calls on void methods mask failing authentication
Date Thu, 21 Nov 2013 09:54:36 GMT
Andy Gumbrecht created OPENEJB-2046:
---------------------------------------

             Summary: @Asynchronous calls on void methods mask failing authentication
                 Key: OPENEJB-2046
                 URL: https://issues.apache.org/jira/browse/OPENEJB-2046
             Project: OpenEJB
          Issue Type: Bug
          Components: container system
    Affects Versions: 4.6.0
         Environment: NA
            Reporter: Andy Gumbrecht
            Assignee: Andy Gumbrecht
            Priority: Critical
             Fix For: 4.6.0


Beans that are annotated with:

@DeclareRoles({"role"})
@RolesAllowed({"role"})

That are called on a method annotated with:

@Asynchronous

...fail silently as the EJBAccessException that is thrown is never logged, and (due to the
nature of asynchronous) is never propagated.

The EJBAccessException occurs because the role is not propagated correctly into ThreadContext
where containers that call getSecurityService().isCallerAuthorized





--
This message was sent by Atlassian JIRA
(v6.1#6144)

Mime
View raw message