[jboss-jira] [JBoss JIRA] (WFCORE-4076) EJB using legacy security order of SASL mechanism matters
Martin Choma (JIRA)
issues at jboss.org
Tue Sep 18 04:23:01 EDT 2018
[ https://issues.jboss.org/browse/WFCORE-4076?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13634687#comment-13634687 ]
Martin Choma commented on WFCORE-4076:
--------------------------------------
As far as this can be seen in EAP 6.4, I am OK with closing this issue.
[~dehort] does it seem reasonable to you?
> EJB using legacy security order of SASL mechanism matters
> ---------------------------------------------------------
>
> Key: WFCORE-4076
> URL: https://issues.jboss.org/browse/WFCORE-4076
> Project: WildFly Core
> Issue Type: Bug
> Components: Remoting, Security
> Affects Versions: 6.0.0.Final
> Reporter: Martin Choma
> Assignee: Jiri Ondrusek
> Attachments: SimpleEAR_EJB3.tar.gz, jbeap-15260-reproducer-config.tar.gz
>
>
> Having a configuration like this, the EJB call following the reproducer works
> {code}
> <subsystem xmlns="urn:jboss:domain:remoting:4.0">
>     <endpoint/>
>     <http-connector name="http-remoting-connector" connector-ref="default" security-realm="ApplicationRealm">
>         <properties>
>             <property name="SASL_MECHANISMS" value="PLAIN,ANONYMOUS"/>
>             <property name="SASL_POLICY_NOANONYMOUS" value="false"/>
>         </properties>
>     </http-connector>
> </subsystem>
> {code}
> Switching mechanisms to <property name="SASL_MECHANISMS" value="ANONYMOUS,PLAIN"/> causes an error
> {code}
> 17:52:50,441 ERROR [org.jboss.as.ejb3.invocation] (default task-1) WFLYEJB0034: EJB Invocation failed on component GoodBye for method public abstract java.lang.String jboss.example.ejb.GoodBye.sayGoodBye(): javax.ejb.EJBAccessException: WFLYSEC0027: Invalid User
> at org.jboss.as.ejb3.security.SecurityContextInterceptor$1.run(SecurityContextInterceptor.java:69)
> at org.jboss.as.ejb3.security.SecurityContextInterceptor$1.run(SecurityContextInterceptor.java:49)
> at org.jboss.as.ejb3.security.SecurityContextInterceptor.processInvocation(SecurityContextInterceptor.java:97)
> at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
> at org.jboss.as.ejb3.deployment.processors.StartupAwaitInterceptor.processInvocation(StartupAwaitInterceptor.java:22)
> at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
> at org.jboss.as.ejb3.component.interceptors.ShutDownInterceptorFactory$1.processInvocation(ShutDownInterceptorFactory.java:64)
> at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
> at org.jboss.as.ejb3.deployment.processors.EjbSuspendInterceptor.processInvocation(EjbSuspendInterceptor.java:57)
> at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
> at org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:67)
> at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
> at org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50)
> at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
> at org.jboss.invocation.ContextClassLoaderInterceptor.processInvocation(ContextClassLoaderInterceptor.java:60)
> at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
> at org.jboss.invocation.InterceptorContext.run(InterceptorContext.java:438)
> at org.wildfly.security.manager.WildFlySecurityManager.doChecked(WildFlySecurityManager.java:619)
> at org.jboss.invocation.AccessCheckingInterceptor.processInvocation(AccessCheckingInterceptor.java:57)
> at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
> at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:53)
> at org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:198)
> at org.wildfly.security.auth.server.SecurityIdentity.runAsFunctionEx(SecurityIdentity.java:382)
> at org.jboss.as.ejb3.remote.AssociationImpl.invokeWithIdentity(AssociationImpl.java:556)
> at org.jboss.as.ejb3.remote.AssociationImpl.invokeMethod(AssociationImpl.java:537)
> at org.jboss.as.ejb3.remote.AssociationImpl.lambda$receiveInvocationRequest$0(AssociationImpl.java:195)
> at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
> at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1985)
> at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1487)
> at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1378)
> at java.lang.Thread.run(Thread.java:748)
> {code}