Hi dev-list,

I've been working on this simple EJB that is called from a web container
unauthenticated. The method I'm calling has an <unchecked/> in its
method-permissions element in the assembly-descriptor. After some debugging I
found that BeanMetaData getMethodPermissions() returned null when
called from the SecurityInterceptor. This causes the familiar error:

    "No method permissions assigned to method="+method
    + ", interface="+Invocation.getInvocationTypeName(iface);

I then began to inspect the code and found the AnybodyPrincipal class does not
obey the equals contract. In the following section of code, at least on my
VM, the calls:

    result.clear();
    result.add(AnybodyPrincipal.ANYBODY_PRINCIPAL);
    break;

cause the call result.isEmpty() to return true. This appears to be a bug; am
I missing something?

    while (iterator.hasNext())
    {
       MethodMetaData m = (MethodMetaData) iterator.next();
       if (m.patternMatches(methodName, params, iface))
       {
          /* If this is an unchecked method anyone can access it so
             set the result set to a role that equates to any Principal or
             Principal name and return.
          */
          if (m.isUnchecked())
          {
             result.clear();
             result.add(AnybodyPrincipal.ANYBODY_PRINCIPAL);
             break;
          }
          // Else, add all roles
          else
          {
             Iterator rolesIterator = m.getRoles().iterator();
             while (rolesIterator.hasNext())
             {
                String roleName = (String) rolesIterator.next();
                result.add(new SimplePrincipal(roleName));
             }
          }
       }
    }
    // If no permissions were assigned to the method return null to
    // indicate no access
    if (result.isEmpty()) {
       result = null;
    }
    return result;
_______________________________________________
Jboss-development mailing list
https://lists.sourceforge.net/lists/listinfo/jboss-development
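
Added example, not part of the original message and not JBoss code: a stand-alone Java sketch of the equals-contract point raised above. WildcardPrincipal, RolePrincipal and permits() are hypothetical stand-ins (assumptions, not the real AnybodyPrincipal, SimplePrincipal or SecurityInterceptor); it prints how an always-true equals() behaves inside a java.util.HashSet.

```java
import java.security.Principal;
import java.util.HashSet;
import java.util.Set;

public class WildcardEqualsDemo {
    // Hypothetical role principal: ordinary value equality on the role name.
    static final class RolePrincipal implements Principal {
        private final String name;
        RolePrincipal(String name) { this.name = name; }
        public String getName() { return name; }
        @Override public boolean equals(Object o) {
            return o instanceof RolePrincipal && ((RolePrincipal) o).name.equals(name);
        }
        @Override public int hashCode() { return name.hashCode(); }
    }

    // Hypothetical wildcard principal: equals() accepts anything, so
    // a.equals(b) and b.equals(a) can disagree (symmetry is broken).
    static final class WildcardPrincipal implements Principal {
        public String getName() { return "<ANYBODY>"; }
        @Override public boolean equals(Object o) { return true; }
        @Override public int hashCode() { return getName().hashCode(); }
    }

    // Explicit check: ask each permitted principal whether it accepts the
    // caller's role, so the wildcard's own equals() is the one that runs.
    static boolean permits(Set<Principal> permitted, Principal callerRole) {
        for (Principal p : permitted) {
            if (p.equals(callerRole)) return true;
        }
        return false;
    }

    public static void main(String[] args) {
        Principal any = new WildcardPrincipal();
        Principal admin = new RolePrincipal("admin"); // constructed sample role

        Set<Principal> permitted = new HashSet<>();
        permitted.clear();
        permitted.add(any); // same call sequence as the unchecked branch

        System.out.println("isEmpty after add: " + permitted.isEmpty());
        System.out.println("any.equals(admin): " + any.equals(admin));
        System.out.println("admin.equals(any): " + admin.equals(any));
        System.out.println("contains(admin):   " + permitted.contains(admin));
        System.out.println("permits(admin):    " + permits(permitted, admin));
    }
}
```

HashSet.contains() looks up by the argument's hash code and calls the argument's equals(), so a hash-based membership test and the explicit loop in permits() can give different answers for the same set.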