[jboss-jira] [JBoss JIRA] (WFLY-8917) EJB run-as identity gets lost if an unsecured ejb in the call stack
RH Bugzilla Integration (JIRA)
issues at jboss.org
Fri Jun 9 15:37:00 EDT 2017
[ https://issues.jboss.org/browse/WFLY-8917?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
RH Bugzilla Integration updated WFLY-8917:
------------------------------------------
Bugzilla References: https://bugzilla.redhat.com/show_bug.cgi?id=1460347
Bugzilla Update: Perform
> EJB run-as identity gets lost if an unsecured ejb in the call stack
> --------------------------------------------------------------------
>
> Key: WFLY-8917
> URL: https://issues.jboss.org/browse/WFLY-8917
> Project: WildFly
> Issue Type: Bug
> Components: EJB, Security
> Affects Versions: 11.0.0.Alpha1
> Reporter: Derek Horton
> Assignee: Darran Lofthouse
> Attachments: SimpleEAR_EJB3.ear
>
>
> Having an unsecured EJB in the call stack will cause the RunAs identity to get lost.
> An example might look like this:
> unsecured web app (RunAs: JBossAdmin) -> unsecured HelloBean EJB -> secured GoodBye EJB (RolesAllowed: JBossAdmin)
> This will fail as the unsecured ejb causes the RunAs identity to get dropped/lost.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
More information about the jboss-jira
mailing list