Closed glassfishrobot closed 11 years ago
@glassfishrobot Commented crperez said: There are couple areas to address:
@glassfishrobot Commented crperez said:
Existing EJB security-role-ref handling not conformant with JACC 1.5 and EJB 3.2 specifications
Small, the code changes update EJB role reference handling and remove exceptions thrown when role references where not found to be declared at run-time.
No
CTS7 JACC TCK, EJB tests
b85
N/A
@glassfishrobot Commented tmueller said: Approved for 4.0.
@glassfishrobot Commented crperez said: [glassfish~svn:61324] #20036 - EJB's declaration of roles used in role references
Project: glassfish Repository: svn Revision: 61324 Author: crperez Date: 2013-04-10 15:12:58 UTC Link:
61324
trunk/main/appserver/ejb/ejb-container/src/main/java/org/glassfish/ejb/security/application/EJBSecurityManager.java trunk/main/appserver/ejb/ejb-full-container/src/main/java/org/glassfish/ejb/mdb/MessageBeanContextImpl.java trunk/main/appserver/ejb/ejb-container/src/main/java/com/sun/ejb/containers/EJBContextImpl.java
@glassfishrobot Commented crperez said: [glassfish~svn:61325] #20036 - Add in the devtest cases based on security-role-ref han
Project: glassfish Repository: svn Revision: 61325 Author: crperez Date: 2013-04-10 15:14:50 UTC Link:
61325
trunk/v2/appserv-tests/devtests/security/jaccmr8/client/Client.java trunk/v2/appserv-tests/devtests/security/jaccmr8/ejb/HelloStatefulEJB.java trunk/v2/appserv-tests/devtests/security/jaccmr8/ejb/HelloEJB.java trunk/v2/appserv-tests/devtests/security/jaccmr8/descriptor/ejb-jar.xml
@glassfishrobot Commented crperez said: [glassfish~svn:61366] #20036 - Remove commented code blocks
Project: glassfish Repository: svn Revision: 61366 Author: crperez Date: 2013-04-11 17:01:48 UTC Link:
61366
trunk/main/appserver/ejb/ejb-full-container/src/main/java/org/glassfish/ejb/mdb/MessageBeanContextImpl.java trunk/main/appserver/ejb/ejb-container/src/main/java/com/sun/ejb/containers/EJBContextImpl.java
@glassfishrobot Commented Was assigned to crperez
@glassfishrobot Commented This issue was imported from java.net JIRA GLASSFISH-20036
@glassfishrobot Commented Reported by crperez
@glassfishrobot Commented Marked as fixed on Wednesday, April 10th 2013, 8:23:01 am
The EJB spec requires that role references be declared either by annotation (@DeclareRole or @RolesAllowed) or by security-role-ref within the EJB deployment descriptor. The EJB sepc does not consider the definition of a security-role within the EJB deployment descriptor, as an implicit declaration of a corresponding security-role-ref for the role (given that the security-role-ref has not otherwise been declared).
Affected Versions
[4.0]