[jboss-jira] [JBoss JIRA] (WFLY-11604) Non-anonymous principal is not propagated from EJB context to CDI bean
Darran Lofthouse (Jira)
issues at jboss.org
Mon Feb 18 13:50:00 EST 2019
[ https://issues.jboss.org/browse/WFLY-11604?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13696892#comment-13696892 ]
Darran Lofthouse edited comment on WFLY-11604 at 2/18/19 1:49 PM:
------------------------------------------------------------------
I see the difference now and believe this is the intended behaviour.
At the moment just looking at testNonAnonymousPrincipalInjected() we have two calls: -
1 - CallerWithIdentity->BeanWithInjectedPrincipal
2 - CallerWithIdentity->BeanWithPrincipalFromEJBContext
The bean CallerWithIdentity is configured with a run-as-principal of 'non-anonymous'. This run as principal affects outbound calls from this bean so when we call a different EJB the identity is switched.
In scenario #2 the call is to a different EJB; this means the call passes through security interceptors which identify any outbound principal and make use of it for the next stage in the call. This is expected, and in the test the expected value is being returned.
In scenario #1, however, the call does not pass to another EJB; instead it passes directly to an injected CDI bean. As this bean is directly injected, it is running using the SecurityContext of the CallerWithIdentity bean, so it is correct that this is returning 'anonymous' instead of 'non-anonymous'.
If I change the call to: -
3 - CallerWithIdentity->BeanWithPrincipalFromEJBContext -> BeanWithInjectedPrincipal
Now the call leaves 'CallerWithIdentity' and enters a second EJB, so the run-as-principal is used; the injected CDI bean is now using the security context of the second bean, so it returns 'non-anonymous'.
This does however leave the question, once WildFly Elytron is activated, regarding why the EJBContext does not report the run-as principal when the call reaches the second bean. I suspect this may have been a decision during implementation, as these run-as scenarios were discussed quite heavily, but it is purely an EJB container issue and not a CDI issue.
was (Author: dlofthouse):
I see the difference now and believe this is the intended behaviour.
At the moment just looking at testNonAnonymousPrincipalInjected() we have two calls: -
1 - CallerWithIdentity->BeanWithInjectedPrincipal
2 - CallerWithIdentity->BeanWithPrincipalFromEJBContext
The bean CallerWithIdentity is configured with a run-as-principal of 'non-anonymous'. This run as principal affects outbound calls from this bean so when we call a different EJB the identity is switched.
In scenario #2 the call is to a different EJB; this means the call passes through security interceptors which identify any outbound principal and make use of it for the next stage in the call. This is expected, and in the test the expected value is being returned.
In scenario #1, however, the call does not pass to another EJB; instead it passes directly to an injected CDI bean. As this bean is directly injected, it is running using the SecurityContext of the CallerWithIdentity bean, so it is correct that this is returning 'anonymous' instead of 'non-anonymous'.
If I change the call to: -
3 - CallerWithIdentity->BeanWithPrincipalFromEJBContext -> BeanWithInjectedPrincipal
Now the call leaves 'CallerWithIdentity' and enters a second EJB, so the run-as-principal is used; the injected CDI bean is now using the security context of the second bean, so it returns 'non-anonymous'.
This does however leave the question regarding why the EJBContext does not report the run-as principal when the call reaches the second bean. I suspect this may have been a decision during implementation, as these run-as scenarios were discussed quite heavily, but it is purely an EJB container issue and not a CDI issue.
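The three call shapes described in the comment, written out as an added illustration (this is not the test case from the linked commit nor WildFly's own code). The bean names follow the comment; the package name, the run-as role name, the jboss-ejb3.xml fragment and the CDI scope are assumptions. The comments record which principal each scenario observes according to the comment above, so a reader can see why the injected CDI principal depends on which EJB's security context is active rather than on the declared run-as-principal.

```java
// --- File: CallerWithIdentity.java (assumed package: example.wfly11604) ---
package example.wfly11604;

import javax.annotation.security.RunAs;
import javax.ejb.EJB;
import javax.ejb.Stateless;
import javax.inject.Inject;

/**
 * First EJB in the chain. The run-as identity is declared here (role via @RunAs,
 * principal via jboss-ejb3.xml as the issue describes). Assumed descriptor fragment:
 *
 *   <assembly-descriptor>
 *     <s:security xmlns:s="urn:security:1.1">
 *       <ejb-name>CallerWithIdentity</ejb-name>
 *       <s:run-as-principal>non-anonymous</s:run-as-principal>
 *     </s:security>
 *   </assembly-descriptor>
 *
 * The run-as identity applies to OUTBOUND EJB calls only; code running inside this
 * bean still executes under the original caller's security context.
 */
@Stateless
@RunAs("non-anonymous-role") // role name is an assumption for this illustration
public class CallerWithIdentity {

    @Inject
    BeanWithInjectedPrincipal injectedBean;           // plain CDI bean, no interceptors

    @EJB
    BeanWithPrincipalFromEJBContext secondEjb;         // EJB: call crosses the security interceptors

    /** Scenario 1: CallerWithIdentity -> BeanWithInjectedPrincipal. Observed: "anonymous". */
    public String scenario1() {
        return injectedBean.principalName();
    }

    /** Scenario 2: CallerWithIdentity -> BeanWithPrincipalFromEJBContext. Observed: "non-anonymous". */
    public String scenario2() {
        return secondEjb.callerPrincipalName();
    }

    /** Scenario 3: CallerWithIdentity -> second EJB -> BeanWithInjectedPrincipal. Observed: "non-anonymous". */
    public String scenario3() {
        return secondEjb.injectedPrincipalName();
    }
}

// --- File: BeanWithPrincipalFromEJBContext.java ---
package example.wfly11604;

import javax.annotation.Resource;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;
import javax.inject.Inject;

/** Second EJB. Inbound calls from CallerWithIdentity arrive under the run-as identity. */
@Stateless
public class BeanWithPrincipalFromEJBContext {

    @Resource
    SessionContext ctx;

    @Inject
    BeanWithInjectedPrincipal injectedBean;

    /** The EJB container's view of the caller; the comment notes this reports the run-as principal in scenario 2. */
    public String callerPrincipalName() {
        return ctx.getCallerPrincipal().getName();
    }

    /** The CDI bean now runs under THIS EJB's security context, so scenario 3 sees the run-as principal. */
    public String injectedPrincipalName() {
        return injectedBean.principalName();
    }
}

// --- File: BeanWithInjectedPrincipal.java ---
package example.wfly11604;

import java.security.Principal;
import javax.enterprise.context.RequestScoped;
import javax.inject.Inject;

/**
 * Plain CDI bean. It has no security interceptors of its own: the injected Principal is
 * simply whatever security context is active in the EJB that invoked it.
 */
@RequestScoped
public class BeanWithInjectedPrincipal {

    @Inject
    Principal principal;

    public String principalName() {
        return principal.getName();
    }
}
```

Design note: the difference between scenario 1 and scenario 3 is not the CDI bean but the EJB boundary in front of it. When auditing who a CDI-injected Principal actually represents, trace back to the nearest enclosing EJB invocation and ask whether a run-as identity was applied on the way into that EJB, not whether the declaring EJB has one configured.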
> Non-anonymous principal is not propagated from EJB context to CDI bean
> ----------------------------------------------------------------------
>
> Key: WFLY-11604
> URL: https://issues.jboss.org/browse/WFLY-11604
> Project: WildFly
> Issue Type: Bug
> Components: CDI / Weld, Security
> Affects Versions: 14.0.1.Final, 15.0.1.Final
> Reporter: Nikoleta Žiaková
> Assignee: Darran Lofthouse
> Priority: Critical
>
> This is a follow-up on WFLY-11587 which only dealt with being able to inject the principal.
> However, during testing I have tried a scenario when the caller principal was not anonymous (run-as-principal setting in jboss-ejb3.xml). See the test case in this [commit|https://github.com/nziakova/wildfly/commit/9ae586ad0159e6399f65103e049b06ccd8356135].
> The principal is not propagated from the EJB context. The result is that the injected principal in the CDI bean is always anonymous, although {{ctx.getCallerPrincipal()}} in the EJB returns the correct principal.
--
This message was sent by Atlassian Jira
(v7.12.1#712002)