Description
If an EJB method contains an array parameter, OpenEJB does not check the allowed roles.
Example:
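    import javax.annotation.security.RolesAllowed;
    import javax.ejb.EJB;
    import javax.ejb.EJBAccessException;
    import javax.ejb.Stateless;
    import javax.naming.NamingException;
    import org.junit.Before;
    import org.junit.Test;

    @Stateless
    public class MyEjb {
        // Only callers in the "admin" role may invoke this method.
        @RolesAllowed("admin")
        public void goAdminStringArray(String[] args) {
        }
    }

    public class MyEjbTest {
        @EJB
        private MyEjb myEjb;

        @Before
        public void setUp() throws NamingException {
            // Container start-up and injection: body not preserved in this copy of the report.
        }

        // The caller is not in the "admin" role, so the call must be rejected.
        @Test(expected = EJBAccessException.class)
        public void testWithArray() {
            // hmm ... array parameter == no Security check ???
            myEjb.goAdminStringArray(new String[] {});
        }
    }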