2:16 p.m.
Security context not passed to EJB in a way that EJB understands
----------------------------------------------------------------
Key: JBESB-2136
URL: https://jira.jboss.org/jira/browse/JBESB-2136
Project: JBoss ESB
Issue Type: Bug
Security Level: Public (Everyone can see)
Components: Rosetta
Affects Versions: 4.4
Reporter: Martin Vecera
Attachments: security_ejb.tar.bz2
It is not possible to call secured EJB (secured with annotations, see attached file) from
secured ESB service.
The ESB's security context is passed - comment out security annotations
@SecurityDomain and @RolesAllowed in
ejb3/src/org/jboss/soa/esb/samples/quickstart/servicecaller/ServiceCallerBean.java and
rerun the test. You'll see the Subject passed which is correct.
You can run this example by copying it to quickstarts and running:
ant deploy-ejb
ant deploy
ant runtest
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
2:16 p.m.
New subject: [JBoss JIRA] Updated: (JBESB-2136) Security context not passed to EJB in a way that EJB understands
[
https://jira.jboss.org/jira/browse/JBESB-2136?page=com.atlassian.jira.plu...
]
Martin Vecera updated JBESB-2136:
---------------------------------
Attachment: security_ejb.tar.bz2
Security context not passed to EJB in a way that EJB understands
----------------------------------------------------------------
Key: JBESB-2136
URL: https://jira.jboss.org/jira/browse/JBESB-2136
Project: JBoss ESB
Issue Type: Bug
Security Level: Public(Everyone can see)
Components: Rosetta
Affects Versions: 4.4
Reporter: Martin Vecera
Attachments: security_ejb.tar.bz2
It is not possible to call secured EJB (secured with annotations, see attached file) from
secured ESB service.
The ESB's security context is passed - comment out security annotations
@SecurityDomain and @RolesAllowed in
ejb3/src/org/jboss/soa/esb/samples/quickstart/servicecaller/ServiceCallerBean.java and
rerun the test. You'll see the Subject passed which is correct.
You can run this example by copying it to quickstarts and running:
ant deploy-ejb
ant deploy
ant runtest
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
2:28 p.m.
New subject: [JBoss JIRA] Assigned: (JBESB-2136) Security context not passed to EJB in a way that EJB understands
[
https://jira.jboss.org/jira/browse/JBESB-2136?page=com.atlassian.jira.plu...
]
Daniel Bevenius reassigned JBESB-2136:
--------------------------------------
Assignee: Daniel Bevenius
Security context not passed to EJB in a way that EJB understands
----------------------------------------------------------------
Key: JBESB-2136
URL: https://jira.jboss.org/jira/browse/JBESB-2136
Project: JBoss ESB
Issue Type: Bug
Security Level: Public(Everyone can see)
Components: Rosetta
Affects Versions: 4.4
Reporter: Martin Vecera
Assignee: Daniel Bevenius
Attachments: security_ejb.tar.bz2
It is not possible to call secured EJB (secured with annotations, see attached file) from
secured ESB service.
The ESB's security context is passed - comment out security annotations
@SecurityDomain and @RolesAllowed in
ejb3/src/org/jboss/soa/esb/samples/quickstart/servicecaller/ServiceCallerBean.java and
rerun the test. You'll see the Subject passed which is correct.
You can run this example by copying it to quickstarts and running:
ant deploy-ejb
ant deploy
ant runtest
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
2:50 p.m.
New subject: [JBoss JIRA] Assigned: (JBESB-2136) Security context not passed to EJB in a way that EJB understands
[
https://jira.jboss.org/jira/browse/JBESB-2136?page=com.atlassian.jira.plu...
]
Kevin Conner reassigned JBESB-2136:
-----------------------------------
Assignee: (was: Daniel Bevenius)
Daniel, please leave until we have a chance to talk about it.
Security context not passed to EJB in a way that EJB understands
----------------------------------------------------------------
Key: JBESB-2136
URL: https://jira.jboss.org/jira/browse/JBESB-2136
Project: JBoss ESB
Issue Type: Bug
Security Level: Public(Everyone can see)
Components: Rosetta
Affects Versions: 4.4
Reporter: Martin Vecera
Attachments: security_ejb.tar.bz2
It is not possible to call secured EJB (secured with annotations, see attached file) from
secured ESB service.
The ESB's security context is passed - comment out security annotations
@SecurityDomain and @RolesAllowed in
ejb3/src/org/jboss/soa/esb/samples/quickstart/servicecaller/ServiceCallerBean.java and
rerun the test. You'll see the Subject passed which is correct.
You can run this example by copying it to quickstarts and running:
ant deploy-ejb
ant deploy
ant runtest
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
8:38 p.m.
New subject: [JBoss JIRA] Updated: (JBESB-2136) Security context not passed to EJB in a way that EJB understands
[
https://jira.jboss.org/jira/browse/JBESB-2136?page=com.atlassian.jira.plu...
]
Kevin Conner updated JBESB-2136:
--------------------------------
Fix Version/s: 4.4 CP1
Assignee: Daniel Bevenius
Security context not passed to EJB in a way that EJB understands
----------------------------------------------------------------
Key: JBESB-2136
URL: https://jira.jboss.org/jira/browse/JBESB-2136
Project: JBoss ESB
Issue Type: Bug
Security Level: Public(Everyone can see)
Components: Rosetta
Affects Versions: 4.4
Reporter: Martin Vecera
Assignee: Daniel Bevenius
Fix For: 4.4 CP1
Attachments: security_ejb.tar.bz2
It is not possible to call secured EJB (secured with annotations, see attached file) from
secured ESB service.
The ESB's security context is passed - comment out security annotations
@SecurityDomain and @RolesAllowed in
ejb3/src/org/jboss/soa/esb/samples/quickstart/servicecaller/ServiceCallerBean.java and
rerun the test. You'll see the Subject passed which is correct.
You can run this example by copying it to quickstarts and running:
ant deploy-ejb
ant deploy
ant runtest
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
8:44 p.m.
New subject: [JBoss JIRA] Commented: (JBESB-2136) Security context not passed to EJB in a way that EJB understands
[
https://jira.jboss.org/jira/browse/JBESB-2136?page=com.atlassian.jira.plu...
]
Kevin Conner commented on JBESB-2136:
-------------------------------------
The reason this is not working is that the credential passed into the pushSecurityContext
method is not the password used to validate the user but the set of public credentials as
initialised in the subject.
As a consequence the EJB interceptor attempts to login using the set as the password,
attempting to cast it to char[], String, checking for a toCharArray method and finally
executing toString. The password being used is, therefore [].
I can only guess that the SSO login module handles the credentials in a different manner.
Security context not passed to EJB in a way that EJB understands
----------------------------------------------------------------
Key: JBESB-2136
URL: https://jira.jboss.org/jira/browse/JBESB-2136
Project: JBoss ESB
Issue Type: Bug
Security Level: Public(Everyone can see)
Components: Rosetta
Affects Versions: 4.4
Reporter: Martin Vecera
Assignee: Daniel Bevenius
Fix For: 4.4 CP1
Attachments: security_ejb.tar.bz2
It is not possible to call secured EJB (secured with annotations, see attached file) from
secured ESB service.
The ESB's security context is passed - comment out security annotations
@SecurityDomain and @RolesAllowed in
ejb3/src/org/jboss/soa/esb/samples/quickstart/servicecaller/ServiceCallerBean.java and
rerun the test. You'll see the Subject passed which is correct.
You can run this example by copying it to quickstarts and running:
ant deploy-ejb
ant deploy
ant runtest
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
9:09 p.m.
New subject: [JBoss JIRA] Commented: (JBESB-2136) Security context not passed to EJB in a way that EJB understands
[
https://jira.jboss.org/jira/browse/JBESB-2136?page=com.atlassian.jira.plu...
]
Daniel Bevenius commented on JBESB-2136:
----------------------------------------
Thanks Kev.
I'll do this and check it in as part as part of
https://jira.jboss.org/jira/browse/JBESB-2126 as this also effects the security
propagation.
Security context not passed to EJB in a way that EJB understands
----------------------------------------------------------------
Key: JBESB-2136
URL: https://jira.jboss.org/jira/browse/JBESB-2136
Project: JBoss ESB
Issue Type: Bug
Security Level: Public(Everyone can see)
Components: Rosetta
Affects Versions: 4.4
Reporter: Martin Vecera
Assignee: Daniel Bevenius
Fix For: 4.4 CP1
Attachments: security_ejb.tar.bz2
It is not possible to call secured EJB (secured with annotations, see attached file) from
secured ESB service.
The ESB's security context is passed - comment out security annotations
@SecurityDomain and @RolesAllowed in
ejb3/src/org/jboss/soa/esb/samples/quickstart/servicecaller/ServiceCallerBean.java and
rerun the test. You'll see the Subject passed which is correct.
You can run this example by copying it to quickstarts and running:
ant deploy-ejb
ant deploy
ant runtest
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
9:09 p.m.
New subject: [JBoss JIRA] Work started: (JBESB-2136) Security context not passed to EJB in a way that EJB understands
[
https://jira.jboss.org/jira/browse/JBESB-2136?page=com.atlassian.jira.plu...
]
Work on JBESB-2136 started by Daniel Bevenius.
Security context not passed to EJB in a way that EJB understands
----------------------------------------------------------------
Key: JBESB-2136
URL: https://jira.jboss.org/jira/browse/JBESB-2136
Project: JBoss ESB
Issue Type: Bug
Security Level: Public(Everyone can see)
Components: Rosetta
Affects Versions: 4.4
Reporter: Martin Vecera
Assignee: Daniel Bevenius
Fix For: 4.4 CP1
Attachments: security_ejb.tar.bz2
It is not possible to call secured EJB (secured with annotations, see attached file) from
secured ESB service.
The ESB's security context is passed - comment out security annotations
@SecurityDomain and @RolesAllowed in
ejb3/src/org/jboss/soa/esb/samples/quickstart/servicecaller/ServiceCallerBean.java and
rerun the test. You'll see the Subject passed which is correct.
You can run this example by copying it to quickstarts and running:
ant deploy-ejb
ant deploy
ant runtest
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
2:12 p.m.
New subject: [JBoss JIRA] Closed: (JBESB-2136) Security context not passed to EJB in a way that EJB understands
[
https://jira.jboss.org/jira/browse/JBESB-2136?page=com.atlassian.jira.plu...
]
Daniel Bevenius closed JBESB-2136.
----------------------------------
Resolution: Done
Commited to JBESB_4_4_GA_CP revision 23536.
Verified with the supplied quickstart.
Security context not passed to EJB in a way that EJB understands
----------------------------------------------------------------
Key: JBESB-2136
URL: https://jira.jboss.org/jira/browse/JBESB-2136
Project: JBoss ESB
Issue Type: Bug
Security Level: Public(Everyone can see)
Components: Rosetta
Affects Versions: 4.4
Reporter: Martin Vecera
Assignee: Daniel Bevenius
Fix For: 4.4 CP1
Attachments: security_ejb.tar.bz2
It is not possible to call secured EJB (secured with annotations, see attached file) from
secured ESB service.
The ESB's security context is passed - comment out security annotations
@SecurityDomain and @RolesAllowed in
ejb3/src/org/jboss/soa/esb/samples/quickstart/servicecaller/ServiceCallerBean.java and
rerun the test. You'll see the Subject passed which is correct.
You can run this example by copying it to quickstarts and running:
ant deploy-ejb
ant deploy
ant runtest
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
7:49 p.m.
New subject: [JBoss JIRA] Closed: (JBESB-2136) Security context not passed to EJB in a way that EJB understands
[
https://jira.jboss.org/jira/browse/JBESB-2136?page=com.atlassian.jira.plu...
]
Kevin Conner closed JBESB-2136.
-------------------------------
Fix Version/s: 4.4 CP2
(was: 4.4 CP1)
Resolution: Done
Security context not passed to EJB in a way that EJB understands
----------------------------------------------------------------
Key: JBESB-2136
URL: https://jira.jboss.org/jira/browse/JBESB-2136
Project: JBoss ESB
Issue Type: Bug
Security Level: Public(Everyone can see)
Components: Rosetta
Affects Versions: 4.4
Reporter: Martin Vecera
Assignee: Daniel Bevenius
Fix For: 4.4 CP2
Attachments: security_ejb.tar.bz2
It is not possible to call secured EJB (secured with annotations, see attached file) from
secured ESB service.
The ESB's security context is passed - comment out security annotations
@SecurityDomain and @RolesAllowed in
ejb3/src/org/jboss/soa/esb/samples/quickstart/servicecaller/ServiceCallerBean.java and
rerun the test. You'll see the Subject passed which is correct.
You can run this example by copying it to quickstarts and running:
ant deploy-ejb
ant deploy
ant runtest
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
7:49 p.m.
New subject: [JBoss JIRA] Reopened: (JBESB-2136) Security context not passed to EJB in a way that EJB understands
[
https://jira.jboss.org/jira/browse/JBESB-2136?page=com.atlassian.jira.plu...
]
Kevin Conner reopened JBESB-2136:
---------------------------------
Security context not passed to EJB in a way that EJB understands
----------------------------------------------------------------
Key: JBESB-2136
URL: https://jira.jboss.org/jira/browse/JBESB-2136
Project: JBoss ESB
Issue Type: Bug
Security Level: Public(Everyone can see)
Components: Rosetta
Affects Versions: 4.4
Reporter: Martin Vecera
Assignee: Daniel Bevenius
Fix For: 4.4 CP2
Attachments: security_ejb.tar.bz2
It is not possible to call secured EJB (secured with annotations, see attached file) from
secured ESB service.
The ESB's security context is passed - comment out security annotations
@SecurityDomain and @RolesAllowed in
ejb3/src/org/jboss/soa/esb/samples/quickstart/servicecaller/ServiceCallerBean.java and
rerun the test. You'll see the Subject passed which is correct.
You can run this example by copying it to quickstarts and running:
ant deploy-ejb
ant deploy
ant runtest
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
5703
days inactive
5717
days old
10 comments
3 participants
participants (3)
-
Daniel Bevenius (JIRA) -
Kevin Conner (JIRA)
-
Martin Vecera (JIRA)