[OPENEJB-1919] no security roles check if ejb Method parameter is an Array - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Critical
Resolution: Fixed
Affects Version/s: 4.0.0, 4.5.0
Fix Version/s: None
Component/s: security
Labels:
- RolesAllowed
- array
- maven
- security
- test
Environment:
embedded container, maven, win XP, Linux (3.2.0-31-generic-pae), OpenJDK Runtime Environment (IcedTea7 2.3.2) (7u7-2.3.2a-0ubuntu0.12.04.1), Sun 1.6.0_20-b02

Description

If an EJB method contains an array parameter openejb didn't check the allowed Roles.

Example:

@Stateless
public class MyEjb {
@RolesAllowed("admin")
public void goAdminStringArray(String[] args) {
}
}

public class MyEjbTest {

@EJB
private MyEjb myEjb;

@Before
public void setUp() throws NamingException

{ EJBContainer.createEJBContainer().getContext().bind("inject", this); }

@Test(expected = EJBAccessException.class)
public void testWithArray() {
// hmm ... array parameter == no Security check ???
myEjb.goAdminStringArray(new String[]

{"a", "b"}

);
}
}

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

ejbArrayParaTest.zip
11/Oct/12 09:35
2 kB
Andreas Keefer

Activity

People

Assignee:: Unassigned

Reporter:: Andreas Keefer

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 11/Oct/12 09:33

Updated:: 12/Oct/12 09:24

Resolved:: 12/Oct/12 09:24