[
https://issues.jboss.org/browse/WFLY-96?page=com.atlassian.jira.plugin.sy...
]
Jason Greene updated WFLY-96:
-----------------------------
Assignee: Darran Lofthouse (was: Ondrej Zizka)
ejb-security-interceptors quickstart has several issues
-------------------------------------------------------
Key: WFLY-96
URL: https://issues.jboss.org/browse/WFLY-96
Project: WildFly
Issue Type: Bug
Components: EJB
Reporter: Josef Cacek
Assignee: Darran Lofthouse
Fix For: 8.0.0.Alpha1
The ejb-security-interceptors quickstarts should be improved a little bit:
* root element of the {{jboss-ejb3.xml}} deployment descriptor should be
{{<ejb-jar>}} (c.f. AS7-6452)
* DelegationLoginModule doesn't need the callbackHandler member variable, the
parent class holds it ({{AbstractServerLoginModule}})
* possible {{EJBException}} from the {{invocationContext.proceed()}} call is not
correctly propagated in the {{ServerSecurityInterceptor}}
The correct part of ServerSecurityInterceptor code should look like:
{code}
try {
    if (desiredUser != null && connectionUser != null
            && (desiredUser.getName().equals(connectionUser.getName()) == false)) {
        // The final part of this check is to verify that the change does actually indicate a change in user.
        try {
            // We have been requested to switch user and have successfully identified the user from the connection
            // so now we attempt the switch.
            cachedSecurityContext = SecurityActions.securityContextSetPrincipalInfo(desiredUser,
                    new OuterUserCredential(connectionUser));
            // keep track that we switched the security context
            contextSet = true;
            SecurityActions.remotingContextClear();
        } catch (Exception e) {
            logger.error("Failed to switch security context for user", e);
            // Don't propagate the exception stacktrace back to the client for security reasons
            throw new EJBAccessException("Unable to attempt switching of user.");
        }
    }
    return invocationContext.proceed();
} finally {
    // switch back to original security context
    if (contextSet) {
        SecurityActions.securityContextSet(cachedSecurityContext);
    }
}
{code}
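Added illustration, not part of the issue or the quickstart: a stand-alone Java sketch of why the placement of {{invocationContext.proceed()}} matters. It assumes the earlier shape had the business call inside the same broad catch as the context switch; {{BusinessException}}, {{AccessException}}, {{currentUser}} and the method names are hypothetical stand-ins for the EJB types and {{SecurityActions}}. With the broad catch the caller sees an access failure in place of the bean's own exception, while the narrow form lets it through and still restores the context.

```java
import java.util.concurrent.Callable;
public class InterceptorPropagationDemo {
    // Hypothetical stand-ins for EJBException / EJBAccessException so no EJB API jar is needed.
    static class BusinessException extends RuntimeException { BusinessException(String m) { super(m); } }
    static class AccessException extends RuntimeException { AccessException(String m) { super(m); } }
    static String currentUser = "connection-user"; // constructed sample state

    // Assumed "before" shape: the business call sits inside the broad catch,
    // so any failure of the bean is rewritten as an access failure.
    static Object broadCatch(Callable<Object> proceed) throws Exception {
        String cached = currentUser;
        try {
            currentUser = "desired-user";
            return proceed.call();
        } catch (Exception e) {
            throw new AccessException("Unable to attempt switching of user.");
        } finally {
            currentUser = cached;
        }
    }

    // Shape proposed in the issue: only the switch is guarded; proceed() runs
    // outside the inner try, and finally restores the context either way.
    static Object narrowCatch(Callable<Object> proceed) throws Exception {
        String cached = currentUser;
        boolean contextSet = false;
        try {
            try {
                currentUser = "desired-user";
                contextSet = true;
            } catch (Exception e) {
                throw new AccessException("Unable to attempt switching of user.");
            }
            return proceed.call();
        } finally {
            if (contextSet) currentUser = cached;
        }
    }

    // Runs a failing business call through one variant and reports what the caller sees.
    static String outcome(boolean narrow) {
        Callable<Object> failing = () -> { throw new BusinessException("bean failed"); };
        try {
            if (narrow) narrowCatch(failing); else broadCatch(failing);
            return "no exception";
        } catch (Exception e) {
            return e.getClass().getSimpleName() + " / user restored: " + currentUser.equals("connection-user");
        }
    }
    public static void main(String[] args) {
        System.out.println("broad : " + outcome(false) + "\nnarrow: " + outcome(true));
    }
}
```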