[jboss-jira] [JBoss JIRA] (WFLY-981) @RunAs/@RunAsPrincipal are ignored for @Startup/@Singleton bean

Derek Horton (JIRA) jira-events at lists.jboss.org
Thu Aug 15 15:07:26 EDT 2013


    [ https://issues.jboss.org/browse/WFLY-981?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12797165#comment-12797165 ] 

Derek Horton commented on WFLY-981:
-----------------------------------

Emmanuel,

I think the test case needs to be adjusted. The Singleton/Startup bean should have a method annotated with @PostConstruct that calls a secured EJB3 bean. The secured EJB should check to make sure that the @RunAsPrincipal is propagated.

I think the test should look like the following:

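import javax.annotation.PostConstruct;
import javax.annotation.security.RunAs;
import javax.ejb.DependsOn;
import javax.ejb.EJB;
import javax.ejb.Singleton;
import javax.ejb.Startup;

import org.jboss.ejb3.annotation.RunAsPrincipal;
import org.jboss.ejb3.annotation.SecurityDomain;
import org.junit.Assert;

@Startup
@Singleton
@DependsOn("Hello")
@RunAs("JBossAdmin")
@RunAsPrincipal("Fred.Flintstone")
@SecurityDomain("jmx-console")
public class StartupTest {

  @EJB
  Hello hello;

  @PostConstruct
  void init() {
    // the returnPrincipal() method should return the @RunAsPrincipal
    String actual_principal = hello.returnPrincipal();
    Assert.assertEquals("Fred.Flintstone", actual_principal);
  }
}


import javax.annotation.Resource;
import javax.annotation.security.RolesAllowed;
import javax.ejb.Local;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;

import org.jboss.ejb3.annotation.SecurityDomain;

// No roles are allowed at class level; returnPrincipal() overrides this below.
@SecurityDomain("jmx-console")
@RolesAllowed({})
@Stateless(name="Hello")
@Local(Hello.class)
public class HelloBean implements Hello
{
    @Resource
    private SessionContext context;

    // Callable only in the JBossAdmin role, i.e. the @RunAs role of StartupTest.
    @RolesAllowed("JBossAdmin")
    public String returnPrincipal()
    {
        return context.getCallerPrincipal().getName();
    }
}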

Thanks,
Derek
                
> @RunAs/@RunAsPrincipal are ignored for @Startup/@Singleton bean
> ---------------------------------------------------------------
>
>                 Key: WFLY-981
>                 URL: https://issues.jboss.org/browse/WFLY-981
>             Project: WildFly
>          Issue Type: Bug
>          Components: EJB
>            Reporter: Derek Horton
>            Assignee: Derek Horton
>
> The @RunAs/@RunAsPrincipal annotations get ignored when used on a singleton
> bean that is annotated with @Startup.  This means the singleton bean
> is not able to call protected EJBs.
> If the protected EJB is annotated with @PermitAll, then the
> singleton is able to invoke the method because the
> AuthorizationInterceptor creates an "anonymous" user that is treated as
> authenticated.  However, the @RunAsPrincipal is ignored as the
> getCallerPrincipal() returns anonymous instead of the @RunAsPrincipal.
> I dug around in the code and it looks like the @RunAs/@RunAsPrincipal
> annotations are getting handled correctly during deployment:
> Step completed: "thread=MSC service thread 1-3", org.jboss.as.ejb3.deployment.processors.merging.RunAsMergingProcessor.handleDeploymentDescriptor(), line=126 bci=249
> MSC service thread 1-3[1] print componentConfiguration.getRunAs()
>  componentConfiguration.getRunAs() = "JBossAdmin"
> MSC service thread 1-3[1] print componentConfiguration.getRunAsPrincipal()
>  componentConfiguration.getRunAsPrincipal() = "fred"
> However, by the time the SecurityContextInterceptor is called, the
> runAs/runAsPrincipal settings are null.
