Uploaded image for project: 'Application Server 3 4 5 and 6'
  1. Application Server 3 4 5 and 6
  2. JBAS-7324

javax.ejb.EJBAccessException does not contain information about what roles are required anymore

    XMLWordPrintable

Details

    • Feature Request
    • Resolution: Obsolete
    • Major
    • No Release
    • JBossAS-4.2.3.GA
    • EJB, Security
    • None
    • 0
    • 0% 0%

    Description

      The SecurityException thrown when accessing EJB2 beans without sufficient permissions contained the information what roles exactly were required. The exception message contained sth. like this: "requiredRoles=[org.nightlabs.jfire.store.seeProductType], principalRoles=[_Guest_]"

      This was an easily parseable text and we used it to show the user a nice error message with detailed information about what rights he should request from his boss or his administrator.

      Unfortunately, after we switched to EJB3, the now thrown EJBAccessException does not contain this information anymore. It simply says "Authorization failure" without any details.

      Please extend org.jboss.ejb3.security.RoleBasedAuthorizationInterceptor to pass the required information (in a parseable form in the exception message).

      Reference to our issue (with a stack trace and maybe other useful information): https://www.jfire.org/modules/bugs/view.php?id=1292

      Attachments

        Activity

          People

            rhn-engineering-cdewolf Carlo de Wolf
            nlmarco Marco Nguitragool (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: