[
https://jira.jboss.org/jira/browse/EJBTHREE-1738?page=com.atlassian.jira....
]
Andrew Lee Rubinger moved JBAS-6543 to EJBTHREE-1738:
-----------------------------------------------------
Project: EJB 3.0 (was: JBoss Application Server)
Key: EJBTHREE-1738 (was: JBAS-6543)
Component/s: core
(was: EJB3)
Affects Version/s: 1.1.1
(was: JBossAS-5.0.1.GA)
Security: (was: Public)
@RunAs no longer works on @Service beans
----------------------------------------
Key: EJBTHREE-1738
URL:
https://jira.jboss.org/jira/browse/EJBTHREE-1738
Project: EJB 3.0
Issue Type: Bug
Components: core
Affects Versions: 1.1.1
Reporter: Jeff Schnitzer
Assignee: Carlo de Wolf
The behavior of security domains on @Service beans has changed from 4.2 to 5.0.1. @RunAs
no longer works. This seems to make it impossible for a @Service to call a secured bean.
Take two @Services, one ClientService and one ServerService. Here's the
ServerService, note that it requires the "admin" role:
@Service(objectName="test:service=Server")
@SecurityDomain("foo")
@RolesAllowed("admin")
public class ServerService implements ServerManagement, Server
{
public void serve() {...}
}
The client tries to call the server:
@Service(objectName="test:service=Client")
@SecurityDomain("foo")
@RunAs("admin")
public class ClientService implements ClientManagement
{
@EJB Server server;
public void start() { server.serve(); }
}
This generates exceptions "No security context set". Alternatively, if the
Server is a stateless session ejb, the exception is "Caller unauthorized".
This same code works in 4.2.
If it will help I can attach a simple test project but since the error occurs on
deployment (service start), I don't know how to create a unit test.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira