[jboss-jira] [JBoss JIRA] (WFLY-4166) EJB Security Context lost when doing cross context includes

Jens Viebig (JIRA) issues at jboss.org
Tue Dec 9 09:28:40 EST 2014 

Jens Viebig created WFLY-4166:
---------------------------------

             Summary: EJB Security Context lost when doing cross context includes
                 Key: WFLY-4166
                 URL: https://issues.jboss.org/browse/WFLY-4166
             Project: WildFly
          Issue Type: Bug
          Components: EJB, Web (Undertow)
    Affects Versions: 8.2.0.Final
         Environment: SLES 12
            Reporter: Jens Viebig
            Assignee: David Lloyd


I'm getting a javax.ejb.EJBAccessException: JBAS014502 Exception when doing cross context includes across two secured webapps calling a secured EJB.

Imagine two Servlets ServletOne and ServletTwo. ServletOne is a basic servlet that only prints "OK" and ServletTwo that is a basic servlet that prints "EJB OK" if ejb method could be accessed and "EJB EXCEPTION" when the call fails. This is packaged into a war that is deployed on the server twice with different names "simple-webapp.war" and "simple-webapp2.war"

The war also includes a jsp index.jsp:

<%@ taglib prefix="c"   uri="http://java.sun.com/jsp/jstl/core" %>
<p>/simple-webapp/ServletOne</p>
<c:import url="/ServletOne" context="/simple-webapp"/>
<p>/simple-webapp/ServletTwo</p>
<c:import url="/ServletTwo" context="/simple-webapp"/>
<p>/simple-webapp2/ServletOne</p>
<c:import url="/ServletOne" context="/simple-webapp2"/>
<p>/simple-webapp/ServletTwo</p>
<c:import url="/ServletTwo" context="/simple-webapp"/>
<p>/simple-webapp2/ServletTwo</p>
<c:import url="/ServletTwo" context="/simple-webapp2"/>

The Output is:
<p>/simple-webapp/ServletOne</p>
OK
<p>/simple-webapp/ServletTwo</p>
EJB OK
<p>/simple-webapp2/ServletOne</p>
OK
<p>/simple-webapp/ServletTwo</p>
EJB EXCEPTION
<p>/simple-webapp2/ServletTwo</p>
EJB OK

It seems that a cross context call to another app was made, it is not possible to call secured ejbs in the same request from the first webapp. This does not affect new requests, only requests that do the cross context include. 



--
This message was sent by Atlassian JIRA
(v6.3.8#6338)

More information about the jboss-jira mailing list