[keycloak-user] Permission issue in calling EJB from MDB
valsaraj pv
valsarajpv at gmail.com
Fri Jun 1 07:47:40 EDT 2018
Hi,
We have recently switched from JAAS to Keycloak. Application is JavaEE
application with EJBs & MDBs.
Set keycloak login module in WildFly to propagate user from wen to EJB & it
worked.
But facing issue when an EJB is called from MDB. There is anonymoius user
in MDB when message received. So that user don't have permission to invoke
EJB protected by:
> <s:security>
> <ejb-name>*</ejb-name>
>
> <s:missing-method-permissions-deny-access>false</s:missing-method-permissions-deny-access>
> <s:security-domain>keycloak</s:security-domain>
> </s:security>
In JAAS version, we have programmatic login using dedicated mdb user.
loginContext = new LoginContext("ldap", new CallbackHandler() {
@Override
public void handle(Callback[] callbacks) {
int len = callbacks.length;
Callback cb;
for (int i = 0; i < len; i++) {
cb = callbacks[i];
if (cb instanceof NameCallback) {
NameCallback ncb = (NameCallback) cb;
ncb.setName(mdbuserName);
} else if (cb instanceof PasswordCallback) {
PasswordCallback pcb = (PasswordCallback) cb;
pcb.setPassword(mdbUsrPass);
}
}
}
});
loginContext.login();
This have user with required permission. Since now moved to Keycloak, this
code will not work. What is the option to prevent permission issue in
calling EJB from MDB?
Thanks!
More information about the keycloak-user
mailing list