[jboss-jira] [JBoss JIRA] (WFLY-8918) EJB run-as identity gets lost if an unsecured ejb in the call stack

Derek Horton (JIRA) issues at jboss.org
Fri Jun 9 15:22:00 EDT 2017


Derek Horton created WFLY-8918:
----------------------------------

             Summary: EJB run-as identity gets lost if an unsecured ejb in the call stack 
                 Key: WFLY-8918
                 URL: https://issues.jboss.org/browse/WFLY-8918
             Project: WildFly
          Issue Type: Bug
          Components: EJB, Security
    Affects Versions: 11.0.0.Alpha1
            Reporter: Derek Horton
            Assignee: Darran Lofthouse
         Attachments: SimpleEAR_EJB3.ear

Having an unsecured EJB in the call stack will cause the RunAs identity to get lost.

An example might look like this:

  unsecured web app (RunAs: JBossAdmin) -> unsecured EJB -> secured EJB (RolesAllowed: JBossAdmin)

This will fail as the unsecured EJB causes the RunAs identity to get dropped/lost.



--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
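
The call chain described in the report, sketched as an added example (this is not the attached SimpleEAR_EJB3.ear and not WildFly code). The class names and the servlet path are hypothetical, and the three source files are assumed to be deployed together in one application:

```java
// Constructed sketch of the reported call chain; all class names are hypothetical.
// Each "// file:" marker starts a separate source file in the same deployment.

// file: CallerServlet.java  (unsecured web app, RunAs: JBossAdmin)
import java.io.IOException;
import javax.annotation.security.RunAs;
import javax.ejb.EJB;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.*;

@WebServlet("/call")   // hypothetical path
@RunAs("JBossAdmin")
public class CallerServlet extends HttpServlet {
    @EJB private PassThroughBean passThrough;

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        // Outbound EJB calls from this servlet are made with the JBossAdmin run-as role.
        resp.getWriter().println(passThrough.relay());
    }
}

// file: PassThroughBean.java  (unsecured EJB: no security annotations at all)
import javax.ejb.EJB;
import javax.ejb.Stateless;

@Stateless
public class PassThroughBean {
    @EJB private SecuredBean secured;

    public String relay() {
        // Per the report, the run-as identity is dropped at this hop.
        return secured.adminOnly();
    }
}

// file: SecuredBean.java  (secured EJB, RolesAllowed: JBossAdmin)
import javax.annotation.Resource;
import javax.annotation.security.RolesAllowed;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;

@Stateless
@RolesAllowed("JBossAdmin")
public class SecuredBean {
    @Resource private SessionContext ctx;

    public String adminOnly() {
        // Reached only if the caller still carries the JBossAdmin role.
        return "caller=" + ctx.getCallerPrincipal().getName();
    }
}
```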