You are asking for something contrary to the ejb-2.0 spec:

<ejb-20-spec, 21.3.2 Method permissions>
If the method permission relation specifies both the unchecked element
for a given method and one or more security roles, the method should not
be checked for authorization.
</ejb-20-spec, 21.3.2 Method permissions>

xxxxxxxxxxxxxxxxxxxxxxxx
Scott Stark
Chief Technology Officer
JBoss Group, LLC
xxxxxxxxxxxxxxxxxxxxxxxx 
 
 

> -----Original Message-----
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of 
> Eivind Tagseth
> Sent: Friday, April 23, 2004 3:56 AM
> To: [EMAIL PROTECTED]
> Subject: [JBoss-user] Bug in BeanMetaData?
> 
> 
> I'm having some problems getting my method permissions 
> working correctly.
> I'm using JBoss-3.2.1, and have set up an EJB bean with 
> methods '*' as unchecked, but with a few of the bean's 
> methods requiring a certain role.
> 
> The problem is that whenever calling one of the restricted 
> methods, JBoss only sees the wildcard that is unchecked, and 
> therefore thinks that my restricted methods are also unchecked.
> 
> Am I not supposed to do this?  Do I need to have the method 
> permissions in a certain order in the ejb-jar.xml file (which 
> is going to be hard since I'm using XDoclet)?
> 
> I've narrowed it down to BeanMetaData.java.  It contains the 
> following:
> 
>    public Set getMethodPermissions(String methodName, Class[] params,
>       InvocationType iface)
>    {
> 
>       ...
>       // Check the permissioned methods list
>       iterator = getPermissionMethods();
>       while (iterator.hasNext())
>       {
>          MethodMetaData m = (MethodMetaData) iterator.next();
>          if (m.patternMatches(methodName, params, iface))
>          {
>             if (m.isUnchecked())
>             {
>                result.clear();
>                result.add(AnybodyPrincipal.ANYBODY_PRINCIPAL);
>                break;
>             }
>             else
> 
>       ...
> 
> 
> Since m.patternMatches() returns true on "*", this method 
> will exit here, without ever coming to the more exact 
> definition of methodName (if "*" happens to come before in the list).
> 
> In the method getMethodTransactionType() in the same class, 
> it does more or less the same thing, but there it makes sure 
> that there aren't more exact matches before using the wildcard match.
> 
> I've checked CVS, and getMethodPermissions() still behaves 
> the same way.
> Am I doing something I shouldn't, or is this a bug in JBoss?
> 
> 
> 
> 
> Eivind
> 
> 
> 
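An added example, not part of either message and not JBoss code: a small Python audit over an EJB 2.0 style (DTD-based, no XML namespace) ejb-jar.xml that lists role-restricted methods also matched by an `<unchecked/>` entry for the same bean, which per the quoted section 21.3.2 are not checked for authorization. The bean, method and role names in the sample are constructed, and `method-params` is ignored, so overloaded methods may be over-reported.

```python
import xml.etree.ElementTree as ET

# Constructed sample descriptor; bean, method and role names are hypothetical.
# Assumes an EJB 2.0 DTD-style descriptor (element names without a namespace).
SAMPLE = """<ejb-jar>
  <assembly-descriptor>
    <method-permission>
      <unchecked/>
      <method><ejb-name>AccountBean</ejb-name><method-name>*</method-name></method>
    </method-permission>
    <method-permission>
      <role-name>admin</role-name>
      <method><ejb-name>AccountBean</ejb-name><method-name>deleteAccount</method-name></method>
    </method-permission>
    <method-permission>
      <role-name>auditor</role-name>
      <method><ejb-name>ReportBean</ejb-name><method-name>export</method-name></method>
    </method-permission>
  </assembly-descriptor>
</ejb-jar>"""


def shadowed_role_methods(descriptor_xml):
    """Return sorted (ejb, method, role) triples whose role restriction overlaps
    an <unchecked/> entry for the same bean, so the role is never enforced."""
    root = ET.fromstring(descriptor_xml)
    unchecked, restricted = [], []
    for perm in root.iter("method-permission"):
        is_unchecked = perm.find("unchecked") is not None
        roles = [r.text.strip() for r in perm.findall("role-name")]
        for m in perm.findall("method"):
            entry = (m.findtext("ejb-name").strip(),
                     m.findtext("method-name").strip(),
                     (m.findtext("method-intf") or "").strip())
            if is_unchecked:
                unchecked.append(entry)
            restricted.extend((entry, role) for role in roles)
    findings = set()
    for (ejb, name, intf), role in restricted:
        for u_ejb, u_name, u_intf in unchecked:
            # A missing method-intf on either side means "all interfaces".
            same_intf = not u_intf or not intf or u_intf == intf
            if u_ejb == ejb and u_name in ("*", name) and same_intf:
                findings.add((ejb, name, role))
    return sorted(findings)


if __name__ == "__main__":
    for ejb, name, role in shadowed_role_methods(SAMPLE):
        print(f"{ejb}.{name}: role '{role}' not enforced (unchecked also matches)")
```

Each finding is a method the descriptor author meant to restrict; removing the bean's unchecked `*` entry and listing the open methods explicitly makes the role take effect.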

