[jboss-jira] [JBoss JIRA] (WFLY-3313) Websocket Auth - Container is not aware of the Principal
Juraci Paixão Kröhling (JIRA)
issues at jboss.org
Wed Apr 13 04:20:00 EDT 2016
[ https://issues.jboss.org/browse/WFLY-3313?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13190988#comment-13190988 ]
Juraci Paixão Kröhling edited comment on WFLY-3313 at 4/13/16 4:19 AM:
-----------------------------------------------------------------------
Apparently, this is still happening. Using the [javaee7-samples' "websocket/endpoint-security"|http://blog.arungupta.me/securing-websockets-username-password-servlet-security-techtip49/] as base and using the following code, I get the proper user on the WS Session's principal and anonymous on EJB's session context.
{code}
@ServerEndpoint(value = "/websocket")
@Stateless
public class MyEndpoint {
@SuppressWarnings("EjbEnvironmentInspection") @Resource
SessionContext sessionContext;
@OnMessage
public String echoText(Session session, String text) {
Principal sessionP = session.getUserPrincipal();
Principal p = sessionContext.getCallerPrincipal();
return text;
}
}
{code}
was (Author: juraci.costa):
Apparently, this is still happening.
> Websocket Auth - Container is not aware of the Principal
> --------------------------------------------------------
>
> Key: WFLY-3313
> URL: https://issues.jboss.org/browse/WFLY-3313
> Project: WildFly
> Issue Type: Bug
> Components: EJB, Security, Web (Undertow)
> Affects Versions: 8.1.0.CR1, 10.0.0.Final
> Reporter: Markus D
> Assignee: Jason Greene
>
> The Websocket is protected by the web.xml. The session object of the callback object correctly returns the principal.
> When an EJB is called the callerPrincipal is always anonymous.
> @Resource
> private SessionContext ctx;
> Principal callerPrincipal = ctx.getCallerPrincipal();
> Running thread here:
> https://community.jboss.org/thread/240617
> Shouldn't the principal be propagated to the EJB container when a websocket callback method triggered?
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
More information about the jboss-jira
mailing list