[jboss-jira] [JBoss JIRA] (WFLY-9039) EJB with Elytron propagate identity even when it should not
Jan Kalina (JIRA)
issues at jboss.org
Sun Jul 2 04:12:00 EDT 2017
[ https://issues.jboss.org/browse/WFLY-9039?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jan Kalina updated WFLY-9039:
-----------------------------
Description:
In *testSingletonPostconstructSecurityNotPropagating*, when Elytron is enabled, identity (including Admin role) is propagated into *StatelessBBean*:
{code}
StatelessSingletonUseBean
SimpleSingletonBean
| check Admin in [Admin] (has required role)
StatelessBBean
{code}
In the non-Elytron case the check is unsuccessful as the test requires, because identity is not propagated:
{code}
StatelessSingletonUseBean
SimpleSingletonBean
| authorize
EXCEPTION
methodRoles = Admin
securityContext.subjectInfo = anonymouse
{code}
This is a lack of WFLY-981 in Elytron:
was:
In *testSingletonPostconstructSecurityNotPropagating*, when Elytron is enabled, identity (including Admin role) is propagated into *StatelessBBean*:
{code}
StatelessSingletonUseBean
SimpleSingletonBean
| check Admin in [Admin] (has required role)
StatelessBBean
{code}
In the non-Elytron case the check is unsuccessful, as the test requires, because identity is not propagated:
{code}
StatelessSingletonUseBean
SimpleSingletonBean
| authorize
EXCEPTION
methodRoles = Admin
securityContext.subjectInfo = anonymouse
{code}
> EJB with Elytron propagate identity even when it should not
> -----------------------------------------------------------
>
> Key: WFLY-9039
> URL: https://issues.jboss.org/browse/WFLY-9039
> Project: WildFly
> Issue Type: Bug
> Components: Security
> Affects Versions: 11.0.0.Alpha1
> Reporter: Jan Kalina
> Assignee: Jan Kalina
> Priority: Blocker
>
> In *testSingletonPostconstructSecurityNotPropagating*, when Elytron is enabled, identity (including Admin role) is propagated into *StatelessBBean*:
> {code}
> StatelessSingletonUseBean
> SimpleSingletonBean
> | check Admin in [Admin] (has required role)
> StatelessBBean
> {code}
> In the non-Elytron case the check is unsuccessful as the test requires, because identity is not propagated:
> {code}
> StatelessSingletonUseBean
> SimpleSingletonBean
> | authorize
> EXCEPTION
> methodRoles = Admin
> securityContext.subjectInfo = anonymouse
> {code}
> This is a lack of WFLY-981 in Elytron: