These tests pass on the JBoss/WildFly without any additional security settings/definition because PicketBox (JBoss Java Security framework) can handle callers (RunAs) identity. It is worth of checking/debugging in https://github.com/picketbox/picketbox/blob/master/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/authorization/modules/ejb/EJBPolicyModuleDelegate.java#L190 where the SimpleRole and SimpleRoleGroupd is created and then compared to deployment role. This code is called within e.g SecurityContext.isCallerInRole("printer").
I suggest to merge https://github.com/cdi-spec/cdi-tck/pull/77/files and consider this issue as fixed. This is more about container security impl than CDI/CDI-TCK itself so I think we can't do anything better in this case.
|