[
https://issues.jboss.org/browse/AS7-5075?page=com.atlassian.jira.plugin.s...
]
jaikiran pai commented on AS7-5075:
-----------------------------------
I would be surprised if we don't have tests for secured invocation via local EJB
interfaces in our testsuite. In fact, I do see in our testsuite that the
org.jboss.as.test.integration.ejb.security.EJBSecurityTestCase uses local interface of a
bean for a security test.
So what I'm looking for, from you, is a code snippet from your application which shows
the bean class(es) and any annotations/deployment descriptors that you use and the client
invocation (including any login that's involved). It need not be a runnable
application, just a code snippet is fine.
Local ejb calls are always anonymous
------------------------------------
Key: AS7-5075
URL:
https://issues.jboss.org/browse/AS7-5075
Project: Application Server 7
Issue Type: Bug
Components: EJB
Affects Versions: 7.1.2.Final (EAP)
Reporter: Michael Gronau
Assignee: jaikiran pai
Labels: ejb, local, remote
Calling an ejb from within a mbean service for example is always running under
'anonymous' user even with a JAAS login before the invocation.
Debugging has shown that only a correct security context is created by the
SimpleSecurityManager when the call comes from a remote client.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see:
http://www.atlassian.com/software/jira