[jboss-jira] [JBoss JIRA] Commented: (JBAS-3945) RunAs Causes Unexpected Principal Propagation Switch

Rajesh Bhabu (JIRA) jira-events at lists.jboss.org
Mon Jan 26 21:33:44 EST 2009


    [ https://jira.jboss.org/jira/browse/JBAS-3945?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12449803#action_12449803 ] 

Rajesh Bhabu commented on JBAS-3945:
------------------------------------

I see a similar issue on JBoss 4.2.3.  My issue is very similar to the one reported here.  I ran the test application provided by the filer on various versions of JBoss. Here is the result:

JBoss 403SP1 - Works fine.
JBoss 405GA  - Fails
JBoss 423    - Fails
JBoss 422    - Fails
JBoss 421    - Fails
JBoss 420    - Fails
JBoss 5.0    - Fails

I will appreciate it if someone can post how to get around this issue.

> RunAs Causes Unexpected Principal Propagation Switch
> ----------------------------------------------------
>
>                 Key: JBAS-3945
>                 URL: https://jira.jboss.org/jira/browse/JBAS-3945
>             Project: JBoss Application Server
>          Issue Type: Bug
>      Security Level: Public(Everyone can see) 
>          Components: Security
>    Affects Versions: JBossAS-4.0.5.GA
>         Environment: JBoss 4.0.5.GA
> JSE 1.5.0_09
>            Reporter: Stefan Schulze
>            Assignee: Scott M Stark
>         Attachments: runAsError.zip
>
>
> My application is using JAAS authentication on web and ejb side. An authenticated user calls a stateless session bean from the web application which uses 'runAs' to change security role and calls a second stateless session bean. The second bean recuperates an 'anonymous' principal but it should be the authenticated user. This does not happen on our production server (JBoss 3.2.7) but on JBoss 4.05.GA.
> Test case:
> I try to attach my test case (where can I attach it ???) which boils down the problem.
> To run it, please
> - unzip the file (runAsError.zip)
> - you can import the content as a project in Eclipse if you prefer
> - change the 'jboss.dist' property in the 'ant.properties' file to your JBoss 4.0.5.GA installation
> - run the 'install' target of 'build.xml' which creates a  new jboss container called 'runAsError'
> - start the 'runAsError' container (run -c runAsError)
> - run the 'test' target of 'build.xml'
> What happens:
> Standalone client calls Session1.hello() with caller principal 'max' . Session1 calls Session2.hello2() using runAs 'internal'. Session2 should get caller principal 'max' but gets 'anonymous'. See Exception that is thrown in SessionBean2.hello2().
> It seems to be a different bug than http://jira.jboss.com/jira/browse/JBAS-1852 since I ran the JBAS-1852 test and it seemed to work (I had some troubles with the DatabaseServerLoginModule that were probably related to my incompetence ;-).
