[jboss-jira] [JBoss JIRA] (AS7-5075) Local ejb calls are always anonymous
jaikiran pai (JIRA)
jira-events at lists.jboss.org
Wed Jun 27 03:37:12 EDT 2012
[ https://issues.jboss.org/browse/AS7-5075?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12703480#comment-12703480 ]
jaikiran pai commented on AS7-5075:
-----------------------------------
I would be surprised if we don't have tests for secured invocation via local EJB interfaces in our testsuite. In fact, I do see in our testsuite that the org.jboss.as.test.integration.ejb.security.EJBSecurityTestCase uses local interface of a bean for a security test.
So what I'm looking for, from you, is a code snippet from your application which shows the bean class(es) and any annotations/deployment descriptors that you use and the client invocation (including any login that's involved). It need not be a runnable application, just a code snippet is fine.
> Local ejb calls are always anonymous
> ------------------------------------
>
> Key: AS7-5075
> URL: https://issues.jboss.org/browse/AS7-5075
> Project: Application Server 7
> Issue Type: Bug
> Components: EJB
> Affects Versions: 7.1.2.Final (EAP)
> Reporter: Michael Gronau
> Assignee: jaikiran pai
> Labels: ejb, local, remote
>
> Calling an ejb from within a mbean service for example is always running under 'anonymous' user even with a JAAS login before the invocation.
> Debugging has shown that only a correct security context is created by the SimpleSecurityManager when the call comes from a remote client.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list