[jboss-jira] [JBoss JIRA] (WFLY-8917) EJB run-as identity gets lost if an unsecured ejb in the call stack

RH Bugzilla Integration (JIRA) issues at jboss.org
Fri Jan 5 10:44:00 EST 2018


    [ https://issues.jboss.org/browse/WFLY-8917?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13510005#comment-13510005 ] 

RH Bugzilla Integration commented on WFLY-8917:
-----------------------------------------------

Jiří Bílek <jbilek at redhat.com> changed the Status of [bug 1460347|https://bugzilla.redhat.com/show_bug.cgi?id=1460347] from ON_QA to VERIFIED

> EJB run-as identity gets lost if an unsecured ejb in the call stack 
> --------------------------------------------------------------------
>
>                 Key: WFLY-8917
>                 URL: https://issues.jboss.org/browse/WFLY-8917
>             Project: WildFly
>          Issue Type: Bug
>          Components: EJB, Security
>    Affects Versions: 11.0.0.Alpha1
>            Reporter: Derek Horton
>            Assignee: Darran Lofthouse
>             Fix For: 11.0.0.Beta1
>
>         Attachments: SimpleEAR_EJB3.ear
>
>
> Having an unsecured EJB in the call stack will cause the RunAs identity to get lost.
> An example might look like this:
> unsecured web app (RunAs: JBossAdmin) -> unsecured HelloBean EJB -> secured GoodBye EJB (RolesAllowed: JBossAdmin)
> This will fail as the unsecured EJB causes the RunAs identity to get dropped/lost.



--
This message was sent by Atlassian JIRA
(v7.5.0#75005)


