[Red Hat JIRA] (WFLY-14189) The RunAs annotation doesn't work in EJBs with Elytron

Tuesday, 12 January 2021

    [
https://issues.redhat.com/browse/WFLY-14189?page=com.atlassian.jira.plugi...
] 

Alessandro Moscatelli commented on WFLY-14189:
----------------------------------------------

I added this dependency:

 <dependency>
 <groupId>org.jboss.ejb3</groupId>
 <artifactId>jboss-ejb3-ext-api</artifactId>
 <version>2.3.0.Final</version>
 </dependency>

I also specified the SecurityDomain :

@SecurityDomain(value = "other")
@Singleton
@Startup
@RunAs("TEST")
public class Test1

Now deployment works :

10:40:46,296 INFO [stdout] (ServerService Thread Pool -- 198) IT WORKS!

10:40:46,336 INFO [org.wildfly.extension.undertow] (ServerService Thread Pool -- 198)
WFLYUT0021: Registered web context: '/test-1.0.0-SNAPSHOT' for server
'default-server'
10:40:46,383 INFO [org.jboss.as.server] (DeploymentScanner-threads - 2) WFLYSRV0010:
Deployed "test-1.0.0-SNAPSHOT.war" (runtime-name :
"test-1.0.0-SNAPSHOT.war")

Of course, I don't want to include any AS specific dependency, I think it should work
out of the box without annotation since "other" is the default SecurityDomain,
am I wrong ?
Other security features work without such annotation.

Thank you in advance

...
 The RunAs annotation doesn't work in EJBs with Elytron
 ------------------------------------------------------

                 Key: WFLY-14189
                 URL: https://issues.redhat.com/browse/WFLY-14189
             Project: WildFly
          Issue Type: Bug
          Components: EJB, Security
    Affects Versions: 21.0.0.Final
            Reporter: Alessandro Moscatelli
            Assignee: Diana Vilkolakova
            Priority: Major
              Labels: ejb, elytron, regression, runas, security, startup
         Attachments: standalone-full-ha.new.xml, test.zip

 Role is not correctly assigned when using @RunAs annotation and Elytron Security Domain.
Everything works correctly with legacy picketbox Security Domain.
 Wildfly is configured to use default "other" application-security-domain, also
using default security domain ApplicationDomain.
 This exception is rised when deploying the application.
 Caused by: javax.ejb.EJBAccessException: WFLYEJB0364: Invocation on method: public
abstract void org.visiontech.test.TestInterface.test() of bean: Test2 is not allowedCaused
by: javax.ejb.EJBAccessException: WFLYEJB0364: Invocation on method: public abstract void
org.visiontech.test.TestInterface.test() of bean: Test2 is not allowed at
org.jboss.as.ejb3@21.0.0.Final//org.jboss.as.ejb3.security.JaccInterceptor.hasPermission(JaccInterceptor.java:120)
 Test/Sample project: [^test.zip] 

--
This message was sent by Atlassian Jira
(v8.13.1#813001)

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006