[jboss-jira] [JBoss JIRA] (WFLY-8568) Elytron outflow-security-domains doesn't work for Servlet-to-EJB calls

Darran Lofthouse (JIRA) issues at jboss.org
Wed Sep 20 10:24:02 EDT 2017


     [ https://issues.jboss.org/browse/WFLY-8568?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Darran Lofthouse updated WFLY-8568:
-----------------------------------
    Priority: Major  (was: Blocker)


> Elytron outflow-security-domains doesn't work for Servlet-to-EJB calls
> ----------------------------------------------------------------------
>
>                 Key: WFLY-8568
>                 URL: https://issues.jboss.org/browse/WFLY-8568
>             Project: WildFly
>          Issue Type: Bug
>          Components: EJB, Security, Web (Undertow)
>            Reporter: Josef Cacek
>            Assignee: David Lloyd
>
> Security context propagation using the Elytron {{outflow-security-domains}} attribute in a security domain doesn't work for Servlet-to-EJB calls.
> This could also be a test configuration issue, but as there is not yet documentation covering this area, I can't guess what could be wrong in the scenario.
> 1. I have 2 similar web applications with servlets and EJBs:
> * the `secured-webapp` is mapped to the `web-tests` security domain
> * the `second` application is mapped to the `second-domain` security domain
> 2. The Undertow and EJB subsystems map the application domains `web-tests` and `second-domain` to Elytron domains with the same name.
> 3. Trust between the domains is defined in the following way:
> {code}
> /subsystem=elytron/security-domain=second-domain:write-attribute(name=outflow-security-domains,value=[web-tests])
> /subsystem=elytron/security-domain=second-domain:write-attribute(name=trusted-security-domains, value=[web-tests])
> /subsystem=elytron/security-domain=web-tests:write-attribute(name=trusted-security-domains, value=[second-domain])
> {code}
> 4. The test itself calls a servlet from the `second` web application, and it calls a protected EJB from the `secured-webapp`.
> The EJB call fails with an EJBAccessException:
> {noformat}
> 14:30:04,631 ERROR [org.jboss.as.ejb3.invocation] (default task-3) WFLYEJB0034: EJB Invocation failed on component HelloBean for method public abstract java.lang.String org.jboss.test.ejb.Hello.sayHello(): javax.ejb.EJBAccessException: WFLYEJB0364: Invocation on method: public abstract java.lang.String org.jboss.test.ejb.Hello.sayHello() of bean: HelloBean is not allowed
> {noformat}



--
This message was sent by Atlassian JIRA
(v7.2.3#72005)

