You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@tomee.apache.org by "Andy Gumbrecht (JIRA)" <ji...@apache.org> on 2013/11/21 12:39:35 UTC
[jira] [Commented] (OPENEJB-2046) @Asynchronous calls on void
methods mask failing authentication
[ https://issues.apache.org/jira/browse/OPENEJB-2046?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13828854#comment-13828854 ]
Andy Gumbrecht commented on OPENEJB-2046:
-----------------------------------------
NOTE: The method involved returns void
> @Asynchronous calls on void methods mask failing authentication
> ---------------------------------------------------------------
>
> Key: OPENEJB-2046
> URL: https://issues.apache.org/jira/browse/OPENEJB-2046
> Project: OpenEJB
> Issue Type: Bug
> Components: container system
> Affects Versions: 4.6.0
> Environment: NA
> Reporter: Andy Gumbrecht
> Assignee: Andy Gumbrecht
> Priority: Critical
> Fix For: 4.6.0
>
>
> Beans that are annotated with:
> @DeclareRoles({"role"})
> @RolesAllowed({"role"})
> That are called on a method annotated with:
> @Asynchronous
> ...fail silently as the EJBAccessException that is thrown is never logged, and (due to the nature of asynchronous) is never propagated.
> The EJBAccessException occurs because the role is not propagated correctly into ThreadContext where containers that call getSecurityService().isCallerAuthorized
--
This message was sent by Atlassian JIRA
(v6.1#6144)