[jboss-jira] [JBoss JIRA] (WFLY-11604) Non-anonymous principal is not propagated from EJB context to CDI bean

Matej Novotny (Jira) issues at jboss.org
Tue Jan 22 06:42:01 EST 2019


    [ https://issues.jboss.org/browse/WFLY-11604?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13685831#comment-13685831 ] 

Matej Novotny commented on WFLY-11604:
--------------------------------------

For the record, Weld is basically delegating the Principal retrieval to the security subsystem and then the bean forwards any calls to the Principal it got.
In WFLY this is implemented by [WeldSecurityServices|https://github.com/wildfly/wildfly/blob/master/weld/subsystem/src/main/java/org/jboss/as/weld/services/bootstrap/WeldSecurityServices.java#L73-L85].


> Non-anonymous principal is not propagated from EJB context to CDI bean
> ----------------------------------------------------------------------
>
>                 Key: WFLY-11604
>                 URL: https://issues.jboss.org/browse/WFLY-11604
>             Project: WildFly
>          Issue Type: Bug
>          Components: CDI / Weld, Security
>    Affects Versions: 14.0.1.Final, 15.0.1.Final
>            Reporter: Nikoleta Žiaková
>            Assignee: Matej Novotny
>            Priority: Critical
>
> This is a follow-up on WFLY-11587 which only dealt with being able to inject the principal. 
> However, during testing I have tried a scenario where the caller principal was not anonymous (run-as-principal setting in jboss-ejb3.xml). See the test case in this [commit|https://github.com/nziakova/wildfly/commit/9ae586ad0159e6399f65103e049b06ccd8356135].
> The principal is not propagated from the EJB context. The result is that the injected principal in the CDI bean is always anonymous, although {{ctx.getCallerPrincipal()}} in the EJB returns the correct principal.



--
This message was sent by Atlassian Jira
(v7.12.1#712002)
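
A fail-closed consistency check for the mismatch reported above, as an added example that is not taken from the linked commit or from WildFly/Weld code. The bean name `CallerIdentityGuard` and its methods are hypothetical; it assumes a Java EE 8 (`javax.*`) deployment with CDI enabled, and uses only the standard `SessionContext` and built-in `Principal` injection.

```java
import java.security.Principal;
import javax.annotation.Resource;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;
import javax.inject.Inject;

// Hypothetical bean (added example). Call verifiedCallerName() before any
// authorization decision that relies on the CDI-injected Principal.
@Stateless
public class CallerIdentityGuard {

    @Resource
    private SessionContext ctx;   // EJB container's view of the caller

    @Inject
    private Principal injected;   // CDI built-in Principal bean (resolved by Weld)

    /**
     * Returns the caller name only when the EJB context and the injected
     * Principal agree; otherwise refuses to continue.
     */
    public String verifiedCallerName() {
        String ejbName = ctx.getCallerPrincipal().getName();
        String cdiName = injected.getName();
        return requireSameIdentity(ejbName, cdiName);
    }

    // Pure comparison, kept static so it can be unit-tested without a container.
    static String requireSameIdentity(String ejbName, String cdiName) {
        if (ejbName == null || !ejbName.equals(cdiName)) {
            // On an affected server the injected Principal reports the
            // anonymous identity here while the EJB context reports the
            // real caller, so this branch is taken.
            throw new SecurityException("Caller identity mismatch: EJB context reports '"
                    + ejbName + "' but injected Principal reports '" + cdiName + "'");
        }
        return ejbName;
    }
}
```

The `SecurityException` is a system exception from the container's point of view, so the caller sees it wrapped in an `EJBException` and the current transaction is rolled back.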


