[
https://issues.redhat.com/browse/WFLY-14307?page=com.atlassian.jira.plugi...
]
Cheng Fang commented on WFLY-14307:
-----------------------------------
From the RunAsPrincipal class
(
https://github.com/wildfly/jboss-ejb3-ext-api/blob/master/src/main/java/o...):
"Annotation for specifying the additional security Principal for which this bean
executes"
indicates this annotation is targeted for ejb bean class, not for servlet.
RunAsPrincipal from Servlet not propagated to secured EJB
---------------------------------------------------------
Key: WFLY-14307
URL:
https://issues.redhat.com/browse/WFLY-14307
Project: WildFly
Issue Type: Bug
Components: Security
Affects Versions: 22.0.0.Final
Reporter: Joerg Baesner
Assignee: Darran Lofthouse
Priority: Major
Attachments: playground.zip
In a single enterprise application (ear) with a _web_ module and a _ejb_ module, a call
from a {{Servlet}} annotated with {{@RunAsPrincipal(...)}} and {{@RunAs(...)}} to a
secured SLSB does not propagate the principal to the EJB.
See the explanations in the _Steps to Reproduce_ section for more details
--
This message was sent by Atlassian Jira
(v8.13.1#813001)