[jboss-jira] [JBoss JIRA] (WFLY-11604) Non-anonymous principal is not propagated from EJB context to CDI bean

Martin Choma (Jira) issues at jboss.org
Tue Jan 22 05:35:00 EST 2019


    [ https://issues.jboss.org/browse/WFLY-11604?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13685783#comment-13685783 ] 

Martin Choma commented on WFLY-11604:
-------------------------------------

PicketBox, Nikoleta was basically following the documentation https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.1/html/developing_ejb_applications/ejb_application_security .

The fact that ctx.getCallerPrincipal() returns the correct principal makes us think the configuration is correct. But we are not sure if this assumption is correct.

> Non-anonymous principal is not propagated from EJB context to CDI bean
> ----------------------------------------------------------------------
>
>                 Key: WFLY-11604
>                 URL: https://issues.jboss.org/browse/WFLY-11604
>             Project: WildFly
>          Issue Type: Bug
>          Components: CDI / Weld, Security
>    Affects Versions: 14.0.1.Final, 15.0.1.Final
>            Reporter: Nikoleta Žiaková
>            Assignee: Matej Novotny
>            Priority: Critical
>
> This is a follow-up on WFLY-11587 which only dealt with being able to inject the principal. 
> However, during testing I have tried a scenario where the caller principal was not anonymous (run-as-principal setting in jboss-ejb3.xml). See the test case in this [commit|https://github.com/nziakova/wildfly/commit/9ae586ad0159e6399f65103e049b06ccd8356135].
> The principal is not propagated from the EJB context. The result is that the injected principal in the CDI bean is always anonymous, although {{ctx.getCallerPrincipal()}} in the EJB returns the correct principal.


