[jboss-jira] [JBoss JIRA] (ELY-407) Add the ability for SecurityIdentity.getRoles() to fall back to the default if the given category is undefined
Farah Juma (JIRA)
issues at jboss.org
Tue Jan 26 16:41:00 EST 2016
Farah Juma created ELY-407:
------------------------------
Summary: Add the ability for SecurityIdentity.getRoles() to fall back to the default if the given category is undefined
Key: ELY-407
URL: https://issues.jboss.org/browse/ELY-407
Project: WildFly Elytron
Issue Type: Enhancement
Components: API / SPI
Reporter: Farah Juma
Assignee: Farah Juma
As an example, consider the following scenario:
I have a simple secured servlet that invokes an EJB method that's secured, where both the servlet and the EJB are using the default Elytron security domain that's defined for applications (i.e., "ApplicationDomain"). There's a user defined in the "ApplicationRealm" that has the role that's required to access the servlet and the EJB method. Undertow uses {{securityIdentity.getRoles()}} to check if a user is authorized, so the user is able to access the servlet. However, the EJB subsystem uses {{securityIdentity.getRoles("ejb")}} to check if a user is authorized and since no "ejb" category is defined, an {{EJBAccessException}} would occur when attempting to invoke the EJB method.
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
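The scenario in the report, as an added example that is not part of the original message and is not Elytron code. It is a simplified model: the class `CategoryRolesDemo`, the `fallbackToDefault` parameter, the "audit" category and the "Employee"/"Auditor" roles are hypothetical, and it assumes an undefined category yields no roles, which is the behaviour the report describes.

```java
import java.util.Map;
import java.util.Set;
import java.util.function.UnaryOperator;

// Simplified model of category-based role lookup. NOT Elytron code:
// every class, method and parameter name here is hypothetical.
public class CategoryRolesDemo {
    private final Set<String> defaultRoles;
    private final Map<String, UnaryOperator<Set<String>>> categoryMappers;

    CategoryRolesDemo(Set<String> defaultRoles,
                      Map<String, UnaryOperator<Set<String>>> categoryMappers) {
        this.defaultRoles = defaultRoles;
        this.categoryMappers = categoryMappers;
    }

    // Default lookup, the form the report says Undertow uses.
    Set<String> getRoles() {
        return defaultRoles;
    }

    // Category lookup, the form the report says the EJB subsystem uses.
    // Assumption: a category with no mapper yields no roles at all.
    Set<String> getRoles(String category) {
        return getRoles(category, false);
    }

    // Requested enhancement, modelled: optionally fall back to the default
    // roles when the category is undefined. A defined category still wins.
    Set<String> getRoles(String category, boolean fallbackToDefault) {
        UnaryOperator<Set<String>> mapper = categoryMappers.get(category);
        if (mapper != null) {
            return mapper.apply(defaultRoles);
        }
        return fallbackToDefault ? defaultRoles : Set.of();
    }

    public static void main(String[] args) {
        // Constructed sample: one user with one role, and only an "audit" category defined.
        Map<String, UnaryOperator<Set<String>>> mappers = Map.of("audit", roles -> Set.of("Auditor"));
        CategoryRolesDemo identity = new CategoryRolesDemo(Set.of("Employee"), mappers);
        String required = "Employee";

        System.out.println("servlet check, getRoles():        " + identity.getRoles().contains(required));
        System.out.println("EJB check, getRoles(\"ejb\"):       " + identity.getRoles("ejb").contains(required));
        System.out.println("EJB check with fallback enabled:  " + identity.getRoles("ejb", true).contains(required));
        System.out.println("defined category keeps its roles: " + identity.getRoles("audit", true));
    }
}
```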