[jboss-jira] [JBoss JIRA] (WFLY-4385) Authentication is not propagated to EJB in the login request

Paulo Cesar Silva Reis (JIRA) issues at jboss.org
Wed Feb 25 10:24:49 EST 2015


     [ https://issues.jboss.org/browse/WFLY-4385?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Paulo Cesar Silva Reis updated WFLY-4385:
-----------------------------------------
    Attachment: wildfly-4385.zip


Here follows what you've requested.

Please run setup.groovy to configure the datasource and security, install the MySQL module, etc.

Sorry, but I've tried to make it really easy for you to run; I hope it helps.

After that, you must invoke the following URL: http://localhost:8080/login

The server will print the principal from the request and the EJB, and then the same information should be returned to you as JSON, but you will see this instead:

{"httpRequestPrincipal":"test","ejbCallerPrincipal":"anonymous"}


If I remove AuthBusiness and perform the login directly in the REST Resource class, the EJB context is aware of the principal, but as I'm using another EJB to do the login job, things get ugly!!

Let me know if you have any doubts.

Thanks in advance!

> Authentication is not propagated to EJB in the login request
> ------------------------------------------------------------
>
>                 Key: WFLY-4385
>                 URL: https://issues.jboss.org/browse/WFLY-4385
>             Project: WildFly
>          Issue Type: Bug
>          Components: EJB
>    Affects Versions: 8.2.0.Final
>         Environment: MAC OSX YOSEMITE
> JAVA ORACLE 1.8
> WILDFLY 8.2.0.FINAL STANDALONE
>            Reporter: Paulo Cesar Silva Reis
>            Assignee: Darran Lofthouse
>              Labels: authentication, ejb, http, login, roles, web
>         Attachments: wildfly-4385.zip
>
>
> I'm migrating from GlassFish to WildFly and noticed a few weird things.
> When you perform login through the web container (request.login(user, pwd)), the principal is not propagated to the EJB container, only to the web container.
> To test that, this is what I did:
>   . BASIC AUTH
>   . EJB receives HttpServletRequest with user data and performs login
>   . Print request.getUserPrincipal() => ok, logged in
>   . Print EJBContext.getCallerPrincipal() => anonymous
> This happens in the same request in which the user logged in. In the subsequent requests (using Set-Cookie response and cookie with JSESSIONID in request), the EJB is aware of the authentication.
> Is that the right behavior? 'Cause in GlassFish it is different: the principal is propagated immediately to the EJB.
> Thanks in advance.



--
This message was sent by Atlassian JIRA
(v6.3.11#6341)

