[jboss-jira] [JBoss JIRA] (WFLY-10997) [GSS](7.2.z) WildFlyInitialContextFactory EJB proxy security behavior inconsistent with different context lookups

Lin Gao (JIRA) issues at jboss.org
Mon Sep 10 02:21:01 EDT 2018


     [ https://issues.jboss.org/browse/WFLY-10997?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Lin Gao moved JBEAP-15395 to WFLY-10997:
----------------------------------------

              Project: WildFly  (was: JBoss Enterprise Application Platform)
                  Key: WFLY-10997  (was: JBEAP-15395)
             Workflow: GIT Pull Request workflow   (was: CDW with loose statuses v1)
          Component/s: EJB
                           (was: EJB)
    Affects Version/s:     (was: 7.1.4.GA)
        Fix Version/s:     (was: 7.2.1.GA)


> [GSS](7.2.z) WildFlyInitialContextFactory EJB proxy security behavior inconsistent with different context lookups
> -----------------------------------------------------------------------------------------------------------------
>
>                 Key: WFLY-10997
>                 URL: https://issues.jboss.org/browse/WFLY-10997
>             Project: WildFly
>          Issue Type: Bug
>          Components: EJB
>            Reporter: Lin Gao
>            Assignee: Lin Gao
>              Labels: downstream_dependency
>   Original Estimate: 3 days
>  Remaining Estimate: 3 days
>
> WildFlyInitialContextFactory EJB proxy security behavior inconsistent with different context lookups
> Using WildFlyInitialContextFactory and calling a remote EJB server.
> Observations: 
> 1) If the ejb lookup is "reproducer/TestSLSB!test.Test" (basically like a RemoteNaming lookup), the ejb is invoked successfully, but the caller is seen as anonymous instead of the ejbuser which is specified in the Context properties.
> Using the ejb-client type lookup "ejb:/reproducer/TestSLSB!test.Test", it shows up as ejbuser as expected.
> 2) If a client creates 2 InitialContexts and uses the lookup "reproducer/TestSLSB!test.Test" on ctx1, then uses the lookup "ejb:/reproducer/TestSLSB!test.Test" on ctx2, in that order, then they both show anonymous (as if it uses only the context that was created first).
> If you switch the order and use ejb:/reproducer/TestSLSB!test.Test first, then they both show ejbuser.


