[JBoss JIRA] (WFCORE-4076) EJB using legacy security order of SASL mechanism matters

Thursday, 30 August 2018



     [
https://issues.jboss.org/browse/WFCORE-4076?page=com.atlassian.jira.plugi...
]

Jiri Ondrusek reassigned WFCORE-4076:
-------------------------------------

    Assignee: Jiri Ondrusek


...
 EJB using legacy security order of SASL mechanism matters
 ---------------------------------------------------------

                 Key: WFCORE-4076
                 URL: https://issues.jboss.org/browse/WFCORE-4076
             Project: WildFly Core
          Issue Type: Bug
          Components: Security
    Affects Versions: 6.0.0.Final
            Reporter: Martin Choma
            Assignee: Jiri Ondrusek

 Having configuration like this EJB call following reproducer works
 {code}
         <subsystem xmlns="urn:jboss:domain:remoting:4.0">
             <endpoint/>
             <http-connector name="http-remoting-connector"
connector-ref="default" security-realm="ApplicationRealm">
                 <properties>
                     <property name="SASL_MECHANISMS"
value="PLAIN,ANONYMOUS"/>
                     <property name="SASL_POLICY_NOANONYMOUS"
value="false"/>
                 </properties>
             </http-connector>
         </subsystem>
 {code}
 Switching mechanisms to <property name="SASL_MECHANISMS"
value="ANONYMOUS,PLAIN"/> causes error
 {code}
 17:52:50,441 ERROR [org.jboss.as.ejb3.invocation] (default task-1) WFLYEJB0034: EJB
Invocation failed on component GoodBye for method public abstract java.lang.String
jboss.example.ejb.GoodBye.sayGoodBye(): javax.ejb.EJBAccessException: WFLYSEC0027: Invalid
User
 	at
org.jboss.as.ejb3.security.SecurityContextInterceptor$1.run(SecurityContextInterceptor.java:69)
 	at
org.jboss.as.ejb3.security.SecurityContextInterceptor$1.run(SecurityContextInterceptor.java:49)
 	at
org.jboss.as.ejb3.security.SecurityContextInterceptor.processInvocation(SecurityContextInterceptor.java:97)
 	at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
 	at
org.jboss.as.ejb3.deployment.processors.StartupAwaitInterceptor.processInvocation(StartupAwaitInterceptor.java:22)
 	at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
 	at
org.jboss.as.ejb3.component.interceptors.ShutDownInterceptorFactory$1.processInvocation(ShutDownInterceptorFactory.java:64)
 	at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
 	at
org.jboss.as.ejb3.deployment.processors.EjbSuspendInterceptor.processInvocation(EjbSuspendInterceptor.java:57)
 	at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
 	at
org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:67)
 	at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
 	at
org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50)
 	at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
 	at
org.jboss.invocation.ContextClassLoaderInterceptor.processInvocation(ContextClassLoaderInterceptor.java:60)
 	at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
 	at org.jboss.invocation.InterceptorContext.run(InterceptorContext.java:438)
 	at
org.wildfly.security.manager.WildFlySecurityManager.doChecked(WildFlySecurityManager.java:619)
 	at
org.jboss.invocation.AccessCheckingInterceptor.processInvocation(AccessCheckingInterceptor.java:57)
 	at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
 	at
org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:53)
 	at org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:198)
 	at
org.wildfly.security.auth.server.SecurityIdentity.runAsFunctionEx(SecurityIdentity.java:382)
 	at
org.jboss.as.ejb3.remote.AssociationImpl.invokeWithIdentity(AssociationImpl.java:556)
 	at org.jboss.as.ejb3.remote.AssociationImpl.invokeMethod(AssociationImpl.java:537)
 	at
org.jboss.as.ejb3.remote.AssociationImpl.lambda$receiveInvocationRequest$0(AssociationImpl.java:195)
 	at
org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
 	at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1985)
 	at
org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1487)
 	at
org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1378)
 	at java.lang.Thread.run(Thread.java:748)
 {code} 


--
This message was sent by Atlassian JIRA
(v7.5.0#75005)

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006