Andy Gumbrecht created OPENEJB-2046:
---------------------------------------
Summary: @Asynchronous calls on void methods mask failing
authentication
Key: OPENEJB-2046
URL: https://issues.apache.org/jira/browse/OPENEJB-2046
Project: OpenEJB
Issue Type: Bug
Components: container system
Affects Versions: 4.6.0
Environment: NA
Reporter: Andy Gumbrecht
Assignee: Andy Gumbrecht
Priority: Critical
Fix For: 4.6.0
Beans that are annotated with:
@DeclareRoles({"role"})
@RolesAllowed({"role"})
That are called on a method annotated with:
@Asynchronous
...fail silently as the EJBAccessException that is thrown is never logged, and
(due to the nature of asynchronous) is never propagated.
The EJBAccessException occurs because the role is not propagated correctly into
ThreadContext where containers that call getSecurityService().isCallerAuthorized
--
This message was sent by Atlassian JIRA
(v6.1#6144)
