  1. EJB 3.0
  2. EJBTHREE-189

@RunAs mangles getCallerPrincipal() result


    • Type: Bug
    • Resolution: Done
    • Priority: Critical
    • EJB 3.0 RC1
    • EJB 3.0 Beta 1

      When @RunAs is used, the Principal returned from SessionContext.getCallerPrincipal() is "anonymous". This is contrary to the EJB 2.1 spec, section 21.2.5.1 Use of getCallerPrincipal:

      "Note that getCallerPrincipal returns the principal that represents the caller of the
      enterprise bean, not the principal that corresponds to the run-as security identity for the bean, if any."

      On the next page of the spec is an example of how to use getCallerPrincipal() which will break in JBoss if you apply @RunAs to the EJB method.

      It looks like the problem is that SecurityAssociation.getCallerPrincipal() is simply a cut-and-paste of SecurityAssociation.getPrincipal().

              wdecoste1@redhat.com William Decoste (Inactive)
              lhoriman_jira Robert Dobbs (Inactive)
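
The distinction the report relies on, as an added example that is not JBoss code and not part of the original issue: a simplified, single-threaded model of a security context that tracks the caller and the run-as identity separately for each bean invocation. All class and method names are hypothetical, and the run-as principal name "anonymous" and role "admin" are constructed values, the former chosen to match what the report observed.

```java
import java.security.Principal;
import java.util.ArrayDeque;
import java.util.Deque;
import java.util.function.Supplier;

// Simplified model for illustration only; names are hypothetical, not JBoss APIs.
public class RunAsCallerDemo {
    record Named(String name) implements Principal {
        public String getName() { return name; }
    }

    // One frame per bean invocation: who called it, and its run-as identity (null if none).
    record Frame(Principal caller, Principal runAs) {}

    static final Deque<Frame> stack = new ArrayDeque<>();

    // Identity propagated on calls the current bean makes to other beans.
    static Principal outgoing() {
        Frame f = stack.peek();
        return f.runAs() != null ? f.runAs() : f.caller();
    }

    // Defect pattern the report suspects: the caller accessor shares the body
    // of the outgoing-identity accessor, so a run-as identity hides the caller.
    static Principal callerCopied() { return outgoing(); }

    // Behaviour the quoted spec text requires: the caller, never the run-as identity.
    static Principal callerPerSpec() { return stack.peek().caller(); }

    // Stand-in for the container's security interceptor around a bean method.
    static <T> T invoke(Principal caller, String runAsRole, Supplier<T> body) {
        // Assumption: the run-as identity carries the principal name "anonymous".
        Principal runAs = runAsRole == null ? null : new Named("anonymous");
        stack.push(new Frame(caller, runAs));
        try { return body.get(); } finally { stack.pop(); }
    }

    public static void main(String[] args) {
        Principal alice = new Named("alice");            // constructed caller
        String report = invoke(alice, "admin", () -> {   // bean B, annotated with run-as
            String inB = "B copied=" + callerCopied().getName()
                       + " perSpec=" + callerPerSpec().getName();
            // B calls bean C (no run-as); C's caller is B's outgoing identity.
            String inC = invoke(outgoing(), null,
                    () -> "C perSpec=" + callerPerSpec().getName());
            return inB + System.lineSeparator() + inC;
        });
        System.out.println(report);
    }
}
```

Inside bean B the copied accessor reports the run-as identity while the spec-conformant one reports the original caller; the run-as identity only becomes the caller one hop later, in bean C.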