[ https://jira.jboss.org/jira/browse/JBESB-2136?page=com.atlassian.jira.plu... ]
Kevin Conner commented on JBESB-2136:
-------------------------------------
The reason this is not working is that the credential passed into the pushSecurityContext
method is not the password used to validate the user but the set of public credentials as
initialised in the subject.

As a consequence the EJB interceptor attempts to login using the set as the password,
attempting to cast it to char[], String, checking for a toCharArray method and finally
executing toString. The password being used is, therefore, [].

I can only guess that the SSO login module handles the credentials in a different manner.
Security context not passed to EJB in a way that EJB understands
----------------------------------------------------------------
Key: JBESB-2136
URL: https://jira.jboss.org/jira/browse/JBESB-2136
Project: JBoss ESB
Issue Type: Bug
Security Level: Public (Everyone can see)
Components: Rosetta
Affects Versions: 4.4
Reporter: Martin Vecera
Assignee: Daniel Bevenius
Fix For: 4.4 CP1
Attachments: security_ejb.tar.bz2

It is not possible to call a secured EJB (secured with annotations, see attached file) from
a secured ESB service.
The ESB's security context is passed - comment out security annotations
@SecurityDomain and @RolesAllowed in
ejb3/src/org/jboss/soa/esb/samples/quickstart/servicecaller/ServiceCallerBean.java and
rerun the test. You'll see the Subject passed which is correct.
You can run this example by copying it to quickstarts and running:
ant deploy-ejb
ant deploy
ant runtest