[jboss-jira] [JBoss JIRA] (WFLY-3313) Websocket Auth - Container is not aware of the Principal

Juraci Paixão Kröhling (JIRA) issues at jboss.org
Wed Apr 13 04:20:00 EDT 2016


    [ https://issues.jboss.org/browse/WFLY-3313?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13190988#comment-13190988 ] 

Juraci Paixão Kröhling edited comment on WFLY-3313 at 4/13/16 4:19 AM:
-----------------------------------------------------------------------

Apparently, this is still happening. Using the [javaee7-samples' "websocket/endpoint-security"|http://blog.arungupta.me/securing-websockets-username-password-servlet-security-techtip49/] as a base and using the following code, I get the proper user on the WS Session's principal and anonymous on the EJB's session context.

{code}
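import java.security.Principal;
import javax.annotation.Resource;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;
import javax.websocket.OnMessage;
import javax.websocket.Session;
import javax.websocket.server.ServerEndpoint;

@ServerEndpoint(value = "/websocket")
@Stateless
public class MyEndpoint {

    @SuppressWarnings("EjbEnvironmentInspection") @Resource
    SessionContext sessionContext;

    @OnMessage
    public String echoText(Session session, String text) {
        // Principal from the WebSocket session: the proper (authenticated) user
        Principal sessionP = session.getUserPrincipal();
        // Principal from the EJB session context: anonymous
        Principal p = sessionContext.getCallerPrincipal();

        return text;
    }
}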
{code}


was (Author: juraci.costa):
Apparently, this is still happening.

> Websocket Auth - Container is not aware of the Principal
> --------------------------------------------------------
>
>                 Key: WFLY-3313
>                 URL: https://issues.jboss.org/browse/WFLY-3313
>             Project: WildFly
>          Issue Type: Bug
>          Components: EJB, Security, Web (Undertow)
>    Affects Versions: 8.1.0.CR1, 10.0.0.Final
>            Reporter: Markus D
>            Assignee: Jason Greene
>
> The Websocket is protected by the web.xml. The session object of the callback object correctly returns the principal. 
> When an EJB is called the callerPrincipal is always anonymous. 
> @Resource
>    private SessionContext ctx;
> Principal callerPrincipal = ctx.getCallerPrincipal();
> Running thread here:
> https://community.jboss.org/thread/240617
> Shouldn't the principal be propagated to the EJB container when a websocket callback method is triggered?



--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
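
One way to keep the authenticated identity attached to the business call while the behaviour reported above is present, as an added example that is not from the reporter or the WildFly project: the endpoint reads the principal from the WebSocket `Session` and passes it to the EJB as data. The class names `ExplicitIdentityEndpoint` and `EchoService` are hypothetical, and the two classes belong in separate source files as marked.

```java
// --- ExplicitIdentityEndpoint.java (added example, hypothetical names) ---
import java.io.IOException;
import java.security.Principal;
import javax.inject.Inject;
import javax.websocket.CloseReason;
import javax.websocket.CloseReason.CloseCodes;
import javax.websocket.OnMessage;
import javax.websocket.Session;
import javax.websocket.server.ServerEndpoint;

@ServerEndpoint("/websocket")
public class ExplicitIdentityEndpoint {

    @Inject
    EchoService service; // hypothetical EJB, second file below

    @OnMessage
    public void echoText(Session session, String text) throws IOException {
        // Identity established by the web.xml constraint at handshake time.
        Principal user = session.getUserPrincipal();
        if (user == null) {
            // Fail closed: no authenticated handshake, no business call.
            session.close(new CloseReason(CloseCodes.VIOLATED_POLICY, "authentication required"));
            return;
        }
        // Pass the identity as data instead of relying on propagation.
        session.getBasicRemote().sendText(service.echo(user.getName(), text));
    }
}

// --- EchoService.java ---
import javax.ejb.Stateless;

@Stateless
public class EchoService {

    // Assumption: the unpropagated caller is named "anonymous", as in the report.
    private static final String ANONYMOUS = "anonymous";

    public String echo(String callerName, String text) {
        if (callerName == null || callerName.isEmpty() || ANONYMOUS.equals(callerName)) {
            throw new SecurityException("unauthenticated caller");
        }
        // Audit and authorization decisions key off callerName here,
        // not SessionContext.getCallerPrincipal().
        return callerName + ": " + text;
    }
}
```

Because `EchoService` trusts the name it is handed, this only holds while the bean is reachable solely from in-application callers that have already authenticated the user.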


