Document that an implementation of the Authenticator interfaces must not be 
@Stateless
--------------------------------------------------------------------------------------

                 Key: SEAMSECURITY-110
                 URL: https://issues.jboss.org/browse/SEAMSECURITY-110
             Project: Seam Security
          Issue Type: Feature Request
    Affects Versions: 3.1.0.Beta3
            Reporter: Jozef Hartinger
            Priority: Blocker
             Fix For: 3.1.0.CR1


Document that an implementation of the Authenticator interface *must not* be 
@Stateless. It is not obvious from the documentation and can cause a fatal bug in 
an application. The bug may not actually be reproducible in a development 
environment and only manifest itself in production, when the SLSB pool serves 
different instances for each invocation.

Besides a note in the docs, I would suggest that seam-security validates this, 
e.g.:

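{noformat}
    // CDI extension observer: fail deployment if an Authenticator is a stateless session bean
    public void validateAuthenticatorImplementation(@Observes ProcessSessionBean<Authenticator> event)
    {
        if (SessionBeanType.STATELESS.equals(event.getSessionBeanType()))
        {
            // getBeanClass() reports the authenticator's own class; getClass() would name the container's Bean implementation
            event.addDefinitionError(new IllegalStateException("Authenticator "
                    + event.getBean().getBeanClass() + " cannot be a Stateless Session Bean"));
        }
    }
{noformat}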

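The failure mode described in the issue above, as an added Java illustration that is not part of the original report or of Seam Security. The `Authenticator` interface here is a simplified stand-in, and `FieldBackedAuthenticator`, `RoundRobinPool` and the credentials are hypothetical, constructed names; the pool is a model of "a different instance for each invocation", not a real EJB container.

```java
import java.util.ArrayList;
import java.util.List;

// Simplified stand-in (assumption): the caller invokes authenticate() and then
// reads the outcome with a second, separate invocation.
interface Authenticator {
    void authenticate(String user, String password);
    boolean isSuccess();
}

class FieldBackedAuthenticator implements Authenticator {
    private boolean success; // per-instance state between the two invocations

    public void authenticate(String user, String password) {
        // Constructed sample credentials, for the demonstration only.
        success = "demo".equals(user) && "constructed-secret".equals(password);
    }

    public boolean isSuccess() { return success; }
}

// Hypothetical model of a stateless bean pool: any pooled instance may serve
// any invocation, chosen round-robin here.
class RoundRobinPool {
    private final List<Authenticator> instances = new ArrayList<>();
    private int next;

    RoundRobinPool(int size) {
        for (int i = 0; i < size; i++) instances.add(new FieldBackedAuthenticator());
    }

    Authenticator instance() { return instances.get(next++ % instances.size()); }
}

public class StatelessAuthenticatorDemo {
    // The two-step call pattern: authenticate, then ask for the result.
    static boolean login(RoundRobinPool pool, String user, String password) {
        pool.instance().authenticate(user, password);
        return pool.instance().isSuccess();
    }

    public static void main(String[] args) {
        // Pool of one: both invocations reach the same instance, so the bug stays hidden.
        System.out.println("pool=1 correct password: " + login(new RoundRobinPool(1), "demo", "constructed-secret"));
        // Pool of three: the result is read from a different instance than the one that authenticated.
        RoundRobinPool pool = new RoundRobinPool(3);
        System.out.println("pool=3 correct password: " + login(pool, "demo", "constructed-secret"));
        // The second attempt reads state left behind on an instance by the first attempt.
        System.out.println("pool=3 wrong password:   " + login(pool, "demo", "wrong"));
    }
}
```

In this model the single-instance pool behaves correctly, which matches the report's point that the problem may not reproduce in a development environment.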