[jboss-jira] [JBoss JIRA] (WFLY-12301) CallerPrincipal will be anonymous (randomly) if EJB2 is called
Cheng Fang (Jira)
issues at jboss.org
Fri Jul 19 05:40:02 EDT 2019
[ https://issues.jboss.org/browse/WFLY-12301?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Cheng Fang reassigned WFLY-12301:
---------------------------------
Assignee: Darran Lofthouse (was: Cheng Fang)
> CallerPrincipal will be anonymous (randomly) if EJB2 is called
> --------------------------------------------------------------
>
> Key: WFLY-12301
> URL: https://issues.jboss.org/browse/WFLY-12301
> Project: WildFly
> Issue Type: Bug
> Components: EJB, Security
> Affects Versions: 17.0.1.Final
> Reporter: Wolf-Dieter Fink
> Assignee: Darran Lofthouse
> Priority: Major
> Labels: EJB2, security
> Attachments: reproducer.zip
>
>
> An EJB application which calls an EJB2 SLSB will fail (randomly) to show the correct user if getCallerPrincipal is used inside. Also the roles are not set.
> The EJB2 Bean is secured by ejb-jar.xml, so it is not expected that it will be called without a role:
>   <assembly-descriptor>
>     <method-permission>
>       <role-name>testRole</role-name>
>       <method>
>         <ejb-name>simpleejb.server.SomeEJB2Bean</ejb-name>
>         <method-intf>Remote</method-intf>
>         <method-name>*</method-name>
>       </method>
>     </method-permission>
> This error is constantly seen if the server is up and running, but each restart will change the behaviour randomly.
> Note that an EJB3 bean of the same EAR file will always work correctly.
--
This message was sent by Atlassian Jira
(v7.12.1#712002)