Uploaded image for project: 'Application Server 3  4  5 and 6'
  1. Application Server 3 4 5 and 6
  2. JBAS-7324

javax.ejb.EJBAccessException does not contain information about what roles are required anymore

    XMLWordPrintable

    Details

    • Type: Feature Request
    • Status: Closed (View Workflow)
    • Priority: Major
    • Resolution: Out of Date
    • Affects Version/s: JBossAS-4.2.3.GA
    • Fix Version/s: No Release
    • Component/s: EJB, Security
    • Labels:
      None

      Description

      The SecurityException thrown when accessing EJB2 beans without sufficient permissions contained the information what roles exactly were required. The exception message contained sth. like this: "requiredRoles=[org.nightlabs.jfire.store.seeProductType], principalRoles=[_Guest_]"

      This was an easily parseable text and we used it to show the user a nice error message with detailed information about what rights he should request from his boss or his administrator.

      Unfortunately, after we switched to EJB3, the now thrown EJBAccessException does not contain this information anymore. It simply says "Authorization failure" without any details.

      Please extend org.jboss.ejb3.security.RoleBasedAuthorizationInterceptor to pass the required information (in a parseable form in the exception message).

      Reference to our issue (with a stack trace and maybe other useful information): https://www.jfire.org/modules/bugs/view.php?id=1292

        Attachments

          Activity

            People

            Assignee:
            wolfc Carlo de Wolf
            Reporter:
            nlmarco Marco Nguitragool
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: