[jboss-jira] [JBoss JIRA] (WFLY-3313) Websocket Auth - Container is not aware of the Principal
Martin Choma (Jira)
issues at jboss.org
Thu Dec 20 05:05:04 EST 2018
[ https://issues.jboss.org/browse/WFLY-3313?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Martin Choma updated WFLY-3313:
-------------------------------
Steps to Reproduce:
1) download and unzip fresh WF 15
2) add-user.sh -a -u u1 -p p1 -g g1
3) deploy websocket-endpoint-security.war built from https://github.com/mchoma/javaee7-samples/tree/WFLY-3313
4) http://localhost:8080/websocket-endpoint-security/
5) Submit button "Echo"
6) there is "u1 anonymous" in server console log should be "u1 u1"
Note, same is valid with Elytron turn on (using enable-elytron.cli)
was:
1) download and unzip fresh WF 15
2) add-user.sh -a -u u1 -p p1 -g g1
3) deploy websocket-endpoint-security.war
4) http://localhost:8080/websocket-endpoint-security/
5) Submit button "Echo"
6) there is "u1 anonymous" in server console log should be "u1 u1"
Note, same is valid with Elytron turn on (using enable-elytron.cli)
> Websocket Auth - Container is not aware of the Principal
> --------------------------------------------------------
>
> Key: WFLY-3313
> URL: https://issues.jboss.org/browse/WFLY-3313
> Project: WildFly
> Issue Type: Bug
> Components: EJB, Security, Web (Undertow), Web Sockets
> Affects Versions: 8.1.0.CR1, 10.0.0.Final, 15.0.0.Final
> Reporter: Markus D
> Assignee: Stuart Douglas
> Priority: Major
> Attachments: websocket-different-principals-ejb-vs-socket.png, websocket-endpoint-security.war
>
>
> The Websocket is protected by the web.xml. The session object of the callback object correctly returns the principal.
> When an EJB is called the callerPrincipal is always anonymous.
> @Resource
> private SessionContext ctx;
> Principal callerPrincipal = ctx.getCallerPrincipal();
> Running thread here:
> https://community.jboss.org/thread/240617
> Shouldn't the principal be propagated to the EJB container when a websocket callback method triggered?
--
This message was sent by Atlassian Jira
(v7.12.1#712002)
More information about the jboss-jira
mailing list