[Red Hat JIRA] (WFLY-14189) The RunAs annotation doesn't work in EJBs with Elytron
by Alessandro Moscatelli (Jira)
[ https://issues.redhat.com/browse/WFLY-14189?page=com.atlassian.jira.plugi... ]
Alessandro Moscatelli commented on WFLY-14189:
----------------------------------------------
<default-security-domain value="other"/>
<application-security-domains>
    <application-security-domain name="other" enable-jacc="true" security-domain="ApplicationDomain"/>
</application-security-domains>
> The RunAs annotation doesn't work in EJBs with Elytron
> ------------------------------------------------------
>
> Key: WFLY-14189
> URL: https://issues.redhat.com/browse/WFLY-14189
> Project: WildFly
> Issue Type: Bug
> Components: EJB, Security
> Affects Versions: 21.0.0.Final
> Reporter: Alessandro Moscatelli
> Assignee: Diana Vilkolakova
> Priority: Major
> Labels: ejb, elytron, regression, runas, security, startup
> Attachments: standalone-full-ha.new.xml, test.zip
>
>
> Role is not correctly assigned when using @RunAs annotation and Elytron Security Domain. Everything works correctly with legacy PicketBox Security Domain.
> WildFly is configured to use default "other" application-security-domain, also using default security domain ApplicationDomain.
> This exception is raised when deploying the application.
> Caused by: javax.ejb.EJBAccessException: WFLYEJB0364: Invocation on method: public abstract void org.visiontech.test.TestInterface.test() of bean: Test2 is not allowed
> Caused by: javax.ejb.EJBAccessException: WFLYEJB0364: Invocation on method: public abstract void org.visiontech.test.TestInterface.test() of bean: Test2 is not allowed
>     at org.jboss.as.ejb3@21.0.0.Final//org.jboss.as.ejb3.security.JaccInterceptor.hasPermission(JaccInterceptor.java:120)
> Test/Sample project: [^test.zip]
--
This message was sent by Atlassian Jira
(v8.13.1#813001)
3 years, 8 months
[Red Hat JIRA] (WFLY-14189) The RunAs annotation doesn't work in EJBs with Elytron
by Alessandro Moscatelli (Jira)
[ https://issues.redhat.com/browse/WFLY-14189?page=com.atlassian.jira.plugi... ]
Alessandro Moscatelli commented on WFLY-14189:
----------------------------------------------
[~dvilkola] with PicketBox I used jboss-app.xml also. But that seemed ok to me since every other security feature also requires it while using PicketBox. Without jboss-app.xml HttpAuthenticationMechanism isn't triggered, for example.
With Elytron, everything works without jboss-app.xml but RunAs doesn't. That looked like something somebody forgot to update to me.
Also, I followed a couple of tutorials (without mention of RunAs annotation) for Elytron with examples without jboss-app.xml or jboss-web.xml so I imagined Elytron was designed to work without it.
If this is the intended behavior that's ok to me, even if I am not a big fan of configuration files. I'd rather have RunAs stick with the default security domain like the rest of the features. Even more since I specified the application security domain in both the EJB subsystem and the undertow subsystem.
Thank you
[Red Hat JIRA] (WFCORE-4516) Allow server-identities expression resolution to support Base64 encoded system properties.
by Ilia Vassilev (Jira)
[ https://issues.redhat.com/browse/WFCORE-4516?page=com.atlassian.jira.plug... ]
Ilia Vassilev reassigned WFCORE-4516:
-------------------------------------
Assignee: Ilia Vassilev
> Allow server-identities expression resolution to support Base64 encoded system properties.
> ------------------------------------------------------------------------------------------
>
> Key: WFCORE-4516
> URL: https://issues.redhat.com/browse/WFCORE-4516
> Project: WildFly Core
> Issue Type: Feature Request
> Components: Management, Security
> Reporter: Indrajit Ingawale
> Assignee: Ilia Vassilev
> Priority: Major
>
> The expression for secret value under server-identities in test-security-realm does not work, even though it shows "expressions-allowed" to true like below.
> ----------------------------
> [standalone@localhost:9990 /] /core-service=management/security-realm=test-security-realm/server-identity=secret:read-resource-description()
> {
> "outcome" => "success",
> .
> .
> "attributes" =>
> {. . . . . }
> ,
> "value" =>
> { "type" => STRING, "description" => "The secret / password - Base64 Encoded.", "expressions-allowed" => true, "required" => true, "nillable" => true, "alternatives" => ["credential-reference"], "min-length" => 1L, "max-length" => 2147483647L, "access-type" => "read-write", "storage" => "configuration", "restart-required" => "no-services" }
> },
> "operations" => undefined,
> "notifications" => undefined,
> "children" => {}
> }
> }
> ----------------------------
[Red Hat JIRA] (WFLY-14189) The RunAs annotation doesn't work in EJBs with Elytron
by Diana Vilkolakova (Jira)
[ https://issues.redhat.com/browse/WFLY-14189?page=com.atlassian.jira.plugi... ]
Diana Vilkolakova commented on WFLY-14189:
------------------------------------------
[~alessandromoscatelli] I tried running your example with legacy security and I also had to specify security domain explicitly. Can I ask which version you had it working with? Thanks!