[jboss-jira] [JBoss JIRA] (WFLY-4166) EJB Security Context lost when doing cross context includes

Tomasz Adamski (Jira) issues at jboss.org
Tue Nov 26 09:40:00 EST 2019 

     [ https://issues.jboss.org/browse/WFLY-4166?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Tomasz Adamski closed WFLY-4166.
--------------------------------
    Resolution: Out of Date


> EJB Security Context lost when doing cross context includes
> -----------------------------------------------------------
>
>                 Key: WFLY-4166
>                 URL: https://issues.jboss.org/browse/WFLY-4166
>             Project: WildFly
>          Issue Type: Bug
>          Components: EJB, Web (Undertow)
>    Affects Versions: 8.2.0.Final
>         Environment: SLES 12
>            Reporter: Jens Viebig
>            Priority: Major
>
> I'm getting a javax.ejb.EJBAccessException: JBAS014502 Exception when doing cross context includes across two secured webapps calling a secured EJB.
> Imagine two Servlets ServletOne and ServletTwo. ServletOne is a basic servlet that only prints "OK" and ServletTwo that is a basic servlet that prints "EJB OK" if ejb method could be accessed and "EJB EXCEPTION" when the call fails. This is packaged into a war that is deployed on the server twice with different names "simple-webapp.war" and "simple-webapp2.war"
> The war also includes a jsp index.jsp:
> <%@ taglib prefix="c"   uri="http://java.sun.com/jsp/jstl/core" %>
> <p>/simple-webapp/ServletOne</p>
> <c:import url="/ServletOne" context="/simple-webapp"/>
> <p>/simple-webapp/ServletTwo</p>
> <c:import url="/ServletTwo" context="/simple-webapp"/>
> <p>/simple-webapp2/ServletOne</p>
> <c:import url="/ServletOne" context="/simple-webapp2"/>
> <p>/simple-webapp/ServletTwo</p>
> <c:import url="/ServletTwo" context="/simple-webapp"/>
> <p>/simple-webapp2/ServletTwo</p>
> <c:import url="/ServletTwo" context="/simple-webapp2"/>
> The Output is:
> <p>/simple-webapp/ServletOne</p>
> OK
> <p>/simple-webapp/ServletTwo</p>
> EJB OK
> <p>/simple-webapp2/ServletOne</p>
> OK
> <p>/simple-webapp/ServletTwo</p>
> EJB EXCEPTION
> <p>/simple-webapp2/ServletTwo</p>
> EJB OK
> It seems that a cross context call to another app was made, it is not possible to call secured ejbs in the same request from the first webapp. This does not affect new requests, only requests that do the cross context include. 



--
This message was sent by Atlassian Jira
(v7.13.8#713008)

More information about the jboss-jira mailing list