[jboss-jira] [JBoss JIRA] (WFLY-10997) WildFlyInitialContextFactory EJB proxy security behavior inconsistent with different context lookups
Bartosz Baranowski (Jira)
issues at jboss.org
Thu Oct 25 06:09:02 EDT 2018
[ https://issues.jboss.org/browse/WFLY-10997?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Bartosz Baranowski updated WFLY-10997:
--------------------------------------
Workaround Description: @RunAs("ejbuser") seems to alleviate the problem. (At least if declared on the Servlet from: http://lacrosse.corp.redhat.com/lgao/WFLY-10997_reproducer.zip)
> WildFlyInitialContextFactory EJB proxy security behavior inconsistent with different context lookups
> -----------------------------------------------------------------------------------------------------
>
> Key: WFLY-10997
> URL: https://issues.jboss.org/browse/WFLY-10997
> Project: WildFly
> Issue Type: Bug
> Components: EJB
> Reporter: Lin Gao
> Assignee: Bartosz Baranowski
> Priority: Major
> Labels: downstream_dependency
> Original Estimate: 3 days
> Remaining Estimate: 3 days
>
> WildFlyInitialContextFactory EJB proxy security behavior inconsistent with different context lookups
> Using WildFlyInitialContextFactory and calling a remote EJB server.
> Observations:
> 1) If the EJB lookup is "reproducer/TestSLSB!test.Test" (basically like a RemoteNaming lookup), the EJB is invoked successfully, but the caller is seen as anonymous instead of the ejbuser which is specified in the Context properties.
> Using the ejb-client type lookup: ejb:/reproducer/TestSLSB!test.Test, then it shows up as ejbuser as expected.
> 2) If a client creates 2 InitialContexts and uses the lookup "reproducer/TestSLSB!test.Test" on ctx1, then uses the lookup "ejb:/reproducer/TestSLSB!test.Test" on ctx2 in that order, then they both show anonymous (as if it uses only the context that was created first).
> If you switch the order, and use ejb:/reproducer/TestSLSB!test.Test first, then they both show ejbuser.
--
This message was sent by Atlassian Jira
(v7.12.1#712002)
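
An added example, not part of the original message or the reporter's reproducer: a client-side check that performs the two lookups from the report on two separate InitialContexts and fails if the server sees any caller other than ejbuser. The server address, the credential placeholder and the whoAmI() method on test.Test are assumptions; the lookup names and the user name are taken from the report.

```java
import java.util.Properties;
import javax.naming.Context;
import javax.naming.InitialContext;
import javax.naming.NamingException;

// Added example. Assumes the reproducer's remote interface test.Test is on the
// classpath and has a hypothetical method whoAmI() that returns the caller
// principal name as seen by the server.
public class LookupIdentityCheck {
    static final String PLAIN = "reproducer/TestSLSB!test.Test";
    static final String EJB = "ejb:/reproducer/TestSLSB!test.Test";
    static final String EXPECTED = "ejbuser";

    static Context newContext() throws NamingException {
        Properties p = new Properties();
        p.put(Context.INITIAL_CONTEXT_FACTORY,
              "org.wildfly.naming.client.WildFlyInitialContextFactory");
        p.put(Context.PROVIDER_URL, "remote+http://localhost:8080"); // assumed address
        p.put(Context.SECURITY_PRINCIPAL, EXPECTED);
        p.put(Context.SECURITY_CREDENTIALS, "CHANGE_ME"); // placeholder credential
        return new InitialContext(p);
    }

    // Looks the bean up under the given name and asks the server who is calling.
    static String callerVia(Context ctx, String name) throws NamingException {
        test.Test bean = (test.Test) ctx.lookup(name);
        return bean.whoAmI(); // hypothetical method
    }

    public static void main(String[] args) throws Exception {
        // The report says lookup order matters, so the order is an argument.
        // Use a fresh JVM per order so one run cannot influence the other.
        boolean ejbFirst = args.length > 0 && "ejb-first".equals(args[0]);
        String[] order = ejbFirst ? new String[] {EJB, PLAIN} : new String[] {PLAIN, EJB};
        boolean ok = true;
        for (int i = 0; i < order.length; i++) {
            Context ctx = newContext(); // ctx1, then ctx2
            try {
                String caller = callerVia(ctx, order[i]);
                boolean match = EXPECTED.equals(caller);
                ok &= match;
                System.out.printf("ctx%d %-40s caller=%s %s%n",
                        i + 1, order[i], caller, match ? "OK" : "MISMATCH");
            } finally {
                ctx.close();
            }
        }
        if (!ok) System.exit(1); // identity did not propagate for at least one lookup
    }
}
```

Run it once with no argument and once with `ejb-first`; a non-zero exit code in either run means the bean was invoked under an identity other than the one set in the Context properties.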