[jira] [Commented] (OPENEJB-2046) @Asynchronous calls on void methods mask failing authentication

Andy Gumbrecht (JIRA) Thu, 21 Nov 2013 03:40:27 -0800

    [ 
https://issues.apache.org/jira/browse/OPENEJB-2046?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13828854#comment-13828854
 ]


Andy Gumbrecht commented on OPENEJB-2046:
-----------------------------------------

NOTE: The method involved returns void

> @Asynchronous calls on void methods mask failing authentication
> ---------------------------------------------------------------
>
>                 Key: OPENEJB-2046
>                 URL: https://issues.apache.org/jira/browse/OPENEJB-2046
>             Project: OpenEJB
>          Issue Type: Bug
>          Components: container system
>    Affects Versions: 4.6.0
>         Environment: NA
>            Reporter: Andy Gumbrecht
>            Assignee: Andy Gumbrecht
>            Priority: Critical
>             Fix For: 4.6.0
>
>
> Beans that are annotated with:
> @DeclareRoles({"role"})
> @RolesAllowed({"role"})
> That are called on a method annotated with:
> @Asynchronous
> ...fail silently as the EJBAccessException that is thrown is never logged, 
> and (due to the nature of asynchronous) is never propagated.
> The EJBAccessException occurs because the role is not propagated correctly 
> into ThreadContext where containers that call 
> getSecurityService().isCallerAuthorized



--
This message was sent by Atlassian JIRA
(v6.1#6144)

[jira] [Commented] (OPENEJB-2046) @Asynchronous calls on void methods mask failing authentication

Reply via email to