Uploaded image for project: 'EJB 3.0'
  1. EJB 3.0
  2. EJBTHREE-1601

Introduce check for RunAs to bypass authentication

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Major
    • 1.0.0-Beta9
    • 1.0.0-Beta8
    • Security
    • None
    • Medium

    Description

      If a call comes to a container with an incoming RunAS, then the Java EE spec defines a role based approach. The authentication mechanism needs to be bypassed.

      Currently, the Identity Trust Framework (with its JavaEETrustModule) takes care of incoming run as but the ITF may not be enabled by default and may not be configured for all security domains.

      Hence bring back the explicit check for run-as in authentication interceptor.

      Attachments

        Issue Links

          blocks

          Bug - A problem that impairs or prevents the functions of the product. JBAS-6239 Regression on run-as in a MDB

          • Critical - To be worked on immediately following BLOCKER issues.
          • Closed

          Activity

            People

              anil.saldhana Anil Saldanha (Inactive)
              anil.saldhana Anil Saldanha (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: