[jboss-as7-dev] The principal is not propagated to ejb session context

Anil Saldhana Anil.Saldhana at redhat.com
Tue Oct 18 07:42:50 EDT 2011


The SecurityAssociationValve (which should in fact be named
SecurityContextValve) sets up the SecurityContext for the web container
authentication. The web container auth starts with the Authenticator, which
will invoke the realm (JBossWebRealm). The realm will perform the
authentication and create a subject. Right then, the subject needs to
be pushed onto the Security Context. Now when the call goes to any
other EE component such as EJB3, that integration needs to pick the
SecurityContext details.

I support the creation of a JIRA issue to track this example deployment.

Thanks JP. :)

On 10/18/2011 06:18 AM, Jaikiran Pai wrote:
> This indeed appears to be a bug. I also looked at our AS7 testsuite and
> all of those tests do programmatic login within the servlet or the tests
> before invoking the bean. Dieter, on the other hand uses container
> managed login (FORM based) and is running into this issue.
>
> I looked into the code and IMO the
> org.jboss.as.web.security.SecurityContextAssociationValve (which is
> setting up the principal) is added at the wrong place. This valve is the
> first one to be executed even before the FormBasedAuthenticatorValve
> kicks in. As a result, the SecurityContextAssociationValve doesn't have
> the right principal to associate with the request.
>
> Dieter, could you please create a JIRA for this (if you haven't yet)
> here https://issues.jboss.org/browse/AS7
>
> -Jaikiran
>
> On Tuesday 18 October 2011 03:18 PM, Jaikiran Pai wrote:
>> Thanks. I'm having a look.
>>
>> -Jaikiran
>> On Tuesday 18 October 2011 03:08 AM, Dieter Tengelmann wrote:
>>> Hi, Anil,
>>>
>>> I've attached ear file and sources at the forum thread:
>>> http://community.jboss.org/thread/173494
>>>
>>> Best regards,
>>> Dieter
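
The valve-ordering problem discussed in this thread, as an added example that is not part of the original messages and is not JBoss AS or Tomcat code. It is a simplified model: `Valve`, `Request`, `SECURITY_CONTEXT`, the valve constants and the user name are hypothetical stand-ins.

```java
// Simplified model of a valve chain; hypothetical names, not JBoss AS or Tomcat code.
import java.util.List;

public class ValveOrderDemo {
    // Stand-in for the per-thread security context that the EJB layer reads.
    static final ThreadLocal<String> SECURITY_CONTEXT = new ThreadLocal<>();

    static class Request { String principal; } // filled in by authentication

    interface Valve { void invoke(Request req, Runnable next); }

    // Models container-managed (FORM) login: the realm authenticates the caller.
    static final Valve AUTHENTICATOR = (req, next) -> {
        req.principal = "dieter"; // constructed sample user
        next.run();
    };

    // Same login, but the subject is pushed onto the security context right away.
    static final Valve PUSHING_AUTHENTICATOR = (req, next) -> {
        req.principal = "dieter";
        SECURITY_CONTEXT.set(req.principal);
        next.run();
    };

    // Models the association valve: copies the request principal to the context.
    static final Valve ASSOCIATION = (req, next) -> {
        SECURITY_CONTEXT.set(req.principal); // null if authentication has not run yet
        try { next.run(); } finally { SECURITY_CONTEXT.remove(); }
    };

    // Runs the chain and returns the caller principal an EJB would see.
    static String callerSeenByEjb(List<Valve> chain) {
        String[] seen = new String[1];
        run(chain, 0, new Request(), () -> seen[0] = SECURITY_CONTEXT.get());
        return seen[0];
    }

    static void run(List<Valve> chain, int i, Request req, Runnable servlet) {
        if (i == chain.size()) { servlet.run(); return; }
        chain.get(i).invoke(req, () -> run(chain, i + 1, req, servlet));
    }

    public static void main(String[] args) {
        System.out.println("association, then authenticator: " + callerSeenByEjb(List.of(ASSOCIATION, AUTHENTICATOR)));
        System.out.println("authenticator, then association: " + callerSeenByEjb(List.of(AUTHENTICATOR, ASSOCIATION)));
        System.out.println("association, then pushing auth:  " + callerSeenByEjb(List.of(ASSOCIATION, PUSHING_AUTHENTICATOR)));
    }
}
```

Only the first ordering leaves the EJB without a caller principal; the third shows that pushing the subject at authentication time makes the result independent of where the association valve sits.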

