[esb-issues] [JBoss JIRA] Commented: (JBESB-2136) Security context not passed to EJB in a way that EJB understands

Kevin Conner (JIRA) jira-events at lists.jboss.org
Mon Oct 20 14:44:21 EDT 2008


    [ https://jira.jboss.org/jira/browse/JBESB-2136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12434524#action_12434524 ] 

Kevin Conner commented on JBESB-2136:
-------------------------------------

The reason this is not working is that the credential passed into the pushSecurityContext method is not the password used to validate the user but the set of public credentials as initialised in the subject.

As a consequence, the EJB interceptor attempts to log in using the set as the password, attempting to cast it to char[], String, checking for a toCharArray method and finally executing toString. The password being used is, therefore, [].

I can only guess that the SSO login module handles the credentials in a different manner.

> Security context not passed to EJB in a way that EJB understands
> ----------------------------------------------------------------
>
>                 Key: JBESB-2136
>                 URL: https://jira.jboss.org/jira/browse/JBESB-2136
>             Project: JBoss ESB
>          Issue Type: Bug
>      Security Level: Public(Everyone can see) 
>          Components: Rosetta
>    Affects Versions: 4.4
>            Reporter: Martin Vecera
>            Assignee: Daniel Bevenius
>             Fix For: 4.4 CP1
>
>         Attachments: security_ejb.tar.bz2
>
>
> It is not possible to call a secured EJB (secured with annotations, see attached file) from a secured ESB service.
> The ESB's security context is passed - comment out security annotations @SecurityDomain and @RolesAllowed in ejb3/src/org/jboss/soa/esb/samples/quickstart/servicecaller/ServiceCallerBean.java and rerun the test. You'll see the Subject passed which is correct.
> You can run this example by copying it to quickstarts and running:
> ant deploy-ejb
> ant deploy
> ant runtest
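
The coercion sequence described in the comment above, as an added Java example that is not part of the original message and is not the JBoss interceptor source. `lenientPassword`, `strictPassword` and the empty `HashSet` standing in for the subject's public credentials are hypothetical names and constructed input.

```java
import java.lang.reflect.Method;
import java.util.HashSet;
import java.util.Set;

public class CredentialCoercionDemo {

    // Hypothetical re-creation of the fallback chain the comment describes:
    // char[] -> String -> reflective toCharArray() -> toString().
    static char[] lenientPassword(Object credential) throws Exception {
        if (credential instanceof char[]) {
            return (char[]) credential;
        }
        if (credential instanceof String) {
            return ((String) credential).toCharArray();
        }
        try {
            Method m = credential.getClass().getMethod("toCharArray");
            return (char[]) m.invoke(credential);
        } catch (NoSuchMethodException e) {
            // Last resort: any object at all becomes a "password".
            return credential.toString().toCharArray();
        }
    }

    // Stricter variant (an assumption, not the project's fix): refuse any
    // credential that is not already a password type, so a mismatch fails
    // loudly instead of turning into a login attempt with a bogus string.
    static char[] strictPassword(Object credential) {
        if (credential instanceof char[]) {
            return ((char[]) credential).clone();
        }
        if (credential instanceof String) {
            return ((String) credential).toCharArray();
        }
        String type = (credential == null) ? "null" : credential.getClass().getName();
        throw new IllegalArgumentException("Unsupported credential type: " + type);
    }

    public static void main(String[] args) throws Exception {
        // Constructed stand-in for an empty set of public credentials.
        Set<Object> publicCredentials = new HashSet<>();
        char[] pw = lenientPassword(publicCredentials);
        System.out.println("lenient password: \"" + new String(pw) + "\"");
        try {
            strictPassword(publicCredentials);
        } catch (IllegalArgumentException e) {
            System.out.println("strict: " + e.getMessage());
        }
    }
}
```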
