Bugs item #1081791, was opened at 2004-12-08 17:17
Message generated for change (Comment added) made by starksm
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=376685&aid=1081791&group_id=22866

Category: JBossServer
Group: v4.0
>Status: Closed
>Resolution: Duplicate
Priority: 5
Submitted By: mpoindexter (mpoindexter)
Assigned to: Scott M Stark (starksm)
Summary: EJB Timer Service broken when used with security domain

Initial Comment:
When an EJB (an entity bean in my case) has a security 
domain associated with it, calls to the ejbTimeout 
method fail with a SecurityException (insufficient method 
permissions).  It appears the principal is being hardcoded 
to null in the TimedObjectInvoker, causing the security 
check to fail in the SecurityInterceptor.  I have tried 
setting the method permissions for ejbTimeout to 
unchecked, but these aren't picked up, possibly because 
ejbTimeout is not a member of the bean's local 
interface.  I think there are two possible fixes:
1)  Skip security checking for ejbTimeout in the 
SecurityInterceptor (don't think this is much of a 
solution since calls made to other beans in the 
ejbTimeout method will have no principal associated with 
them)
2)  Store the current principal with the timer when the 
timer is created.  When the timer triggers, recall this 
principal and set the current principal to the creator of 
the timer.  I think this seems like the correct solution.

----------------------------------------------------------------------

>Comment By: Scott M Stark (starksm)
Date: 2004-12-17 09:34

Message:
This is being tracked in jira:
http://jira.jboss.com/jira/browse/JBAS-69


----------------------------------------------------------------------

Comment By: mpoindexter (mpoindexter)
Date: 2004-12-09 13:23

Message:
Here's a version of SecurityInterceptor with a workaround, 
but it's not what I'd call an elegant solution.  Just in case 
anyone else needs a fix quick.

----------------------------------------------------------------------

Comment By: Scott M Stark (starksm)
Date: 2004-12-08 18:21

Message:
No 2) is not correct as there is no security context
associated with ejb timer calls. The container has to set up
the permissions to deal with this correctly.

----------------------------------------------------------------------
