You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@geronimo.apache.org by "David Jencks (JIRA)" <ji...@apache.org> on 2009/02/03 20:27:59 UTC

[jira] Created: (GERONIMO-4526) ejbTimout method not subject to permission checks

ejbTimout method not subject to permission checks
-------------------------------------------------

                 Key: GERONIMO-4526
                 URL: https://issues.apache.org/jira/browse/GERONIMO-4526
             Project: Geronimo
          Issue Type: Bug
      Security Level: public (Regular issues)
          Components: OpenEJB
    Affects Versions: 2.1.4, 2.2
            Reporter: David Jencks
            Assignee: David Jencks
             Fix For: 2.1.4, 2.2


Right now if you have security enabled ejbTimeout calls don't work, they get an unauth exception.

Need to fix it so the permissions that aren't from an interface get into the unchecked permissions.  If someone adds the ejbTimeout method to an interface, that will get a different permission so the new unchecked permission shouldn't allow unwanted access.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Commented: (GERONIMO-4526) ejbTimout method not subject to permission checks

Posted by "David Jencks (JIRA)" <ji...@apache.org>.

    [ https://issues.apache.org/jira/browse/GERONIMO-4526?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12670180#action_12670180 ] 

David Jencks commented on GERONIMO-4526:
----------------------------------------

branches/2.1 fixed in rev 740521

> ejbTimout method not subject to permission checks
> -------------------------------------------------
>
>                 Key: GERONIMO-4526
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-4526
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: OpenEJB
>    Affects Versions: 2.1.4, 2.2
>            Reporter: David Jencks
>            Assignee: David Jencks
>             Fix For: 2.1.4, 2.2
>
>
> Right now if you have security enabled ejbTimeout calls don't work, they get an unauth exception.
> Need to fix it so the permissions that aren't from an interface get into the unchecked permissions.  If someone adds the ejbTimeout method to an interface, that will get a different permission so the new unchecked permission shouldn't allow unwanted access.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Closed: (GERONIMO-4526) ejbTimout method not subject to permission checks

Posted by "David Jencks (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/GERONIMO-4526?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

David Jencks closed GERONIMO-4526.
----------------------------------

    Resolution: Fixed

Fixed in 2.2 rev 740811.

> ejbTimout method not subject to permission checks
> -------------------------------------------------
>
>                 Key: GERONIMO-4526
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-4526
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: OpenEJB
>    Affects Versions: 2.1.4, 2.2
>            Reporter: David Jencks
>            Assignee: David Jencks
>             Fix For: 2.1.4, 2.2
>
>
> Right now if you have security enabled ejbTimeout calls don't work, they get an unauth exception.
> Need to fix it so the permissions that aren't from an interface get into the unchecked permissions.  If someone adds the ejbTimeout method to an interface, that will get a different permission so the new unchecked permission shouldn't allow unwanted access.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.