The contributed version is inconsistent with the EJB spec as was the previous
version of JBoss. All method must have an assigned security role according
to the EJB spec. The change your seeing was added a while ago to 2.1.
----- Original Message -----
From: "Darius Davidavicius" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, April 04, 2001 6:30 AM
Subject: Re: [JBoss-user] JASS: Illegal access BUG?
> Hi Scott,
>
> I have the feeling there is a little bug.
>
> We have 2 files:
> contrib.security.src.main.org.jboss.ejb.plugins.SecurityInterceptor.java
> and
> jboss.src.main.org.jboss.ejb.plugins.SecurityInterceptor.java
>
> in the both files there is function
> private void checkSecurityAssociation(MethodInvocation mi, boolean home)
>
> where i can find for contributed version:
> if( methodRoles != null && realmMapping.doesUserHaveRole(principal,
>methodRoles) == false )
>
> and for JBoss version:
> if( methodRoles == null || realmMapping.doesUserHaveRole(principal,
>methodRoles) == false )
>
>
> In my case i dont use any roles but i get inside this check inspite of
>methodRoles==null.
> I would prefare the contributed version of this IF
>
> Its very strange when it is the CVS where is 2 files with this little difference.
>
> Have a good day
>
> D&D
>
> Darius Davidavicius
> Living-Source
> http://www.living-source.com/team_employee.php3?e_id=9&e_nextid=2
> ICQ: 18325334
>
_______________________________________________
JBoss-user mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/jboss-user
