[jboss-jira] [JBoss JIRA] (WFLY-3313) Websocket Auth - Container is not aware of the Principal
Caleb Adams (Jira)
issues at jboss.org
Thu Jun 11 12:04:43 EDT 2020
[ https://issues.redhat.com/browse/WFLY-3313?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14150497#comment-14150497 ]
Caleb Adams commented on WFLY-3313:
-----------------------------------
This is also occurring on WildFly 17.0.1.Final... EJBContext returns the anonymous principal and @RolesAllowed checks within the EJB container are broken.
> Websocket Auth - Container is not aware of the Principal
> --------------------------------------------------------
>
> Key: WFLY-3313
> URL: https://issues.redhat.com/browse/WFLY-3313
> Project: WildFly
> Issue Type: Bug
> Components: EJB, Security, Web (Undertow), Web Sockets
> Affects Versions: 8.1.0.CR1, 10.0.0.Final, 15.0.0.Final
> Reporter: Markus D
> Priority: Major
> Attachments: websocket-different-principals-ejb-vs-socket.png, websocket-endpoint-security.war
>
>
> The Websocket is protected by the web.xml. The session object of the callback object correctly returns the principal.
> When an EJB is called the callerPrincipal is always anonymous.
> @Resource
> private SessionContext ctx;
> Principal callerPrincipal = ctx.getCallerPrincipal();
> Running thread here:
> https://community.jboss.org/thread/240617
> Shouldn't the principal be propagated to the EJB container when a websocket callback method triggered?
--
This message was sent by Atlassian Jira
(v7.13.8#713008)
More information about the jboss-jira
mailing list