Loading...

XML

Word

Printable

Type: Bug
Resolution: Won't Do
Priority: Blocker
Fix Version/s: None
Affects Version/s: 7.1.0.DR18, 7.1.0.DR19, 7.1.0.ER1
Component/s: EJB, Security
Labels:
None

Affects Testing:

Regression
CDW blocker:
CDW devel_ack:
CDW docs_ack:
CDW pm_ack:
CDW qa_ack:
CDW release:
Target Release:

7.1.0.GA
Steps to Reproduce:
Hide

1. Download attached reproducer and build both deployments:

mvn clean install -U

2. Prepare server and deploy deployments:

Elytron security configuration preparation:
jboss-cli

/subsystem=ejb3/application-security-domain=sd1:add(security-domain=ApplicationDomain) /subsystem=ejb3/application-security-domain=sd2:add(security-domain=ManagementDomain) /subsystem=undertow/application-security-domain=sd1:add(http-authentication-factory=application-http-authentication) deploy /path/to/reproducer/who-am-i/target/who-am-i.jar deploy /path/to/reproducer/run-as-dep/target/run-as-dep.war reload

Legacy security configuration preparation:
jboss-cli

/subsystem=security/security-domain=sd1:add() /subsystem=security/security-domain=sd2:add() deploy /path/to/reproducer/who-am-i/target/who-am-i.jar deploy /path/to/reproducer/run-as-dep/target/run-as-dep.war reload

3. Access http://localhost:8080/run-as-dep/
Show
1. Download attached reproducer and build both deployments: mvn clean install -U 2. Prepare server and deploy deployments: Elytron security configuration preparation: jboss-cli /subsystem=ejb3/application-security-domain=sd1:add(security-domain=ApplicationDomain) /subsystem=ejb3/application-security-domain=sd2:add(security-domain=ManagementDomain) /subsystem=undertow/application-security-domain=sd1:add(http-authentication-factory=application-http-authentication) deploy /path/to/reproducer/who-am-i/target/who-am-i.jar deploy /path/to/reproducer/run-as-dep/target/run-as-dep.war reload Legacy security configuration preparation: jboss-cli /subsystem=security/security-domain=sd1:add() /subsystem=security/security-domain=sd2:add() deploy /path/to/reproducer/who-am-i/target/who-am-i.jar deploy /path/to/reproducer/run-as-dep/target/run-as-dep.war reload 3. Access http://localhost:8080/run-as-dep/

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

In a scenario when @RunAs("securityRole") annotated bean invokes bean backed by different security domain, the @RunAs authorization does not propagate over.

This was not the case with PicketBox security, where the @RunAs authorization propagated.

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List
  - Download All

ejb-run-as-two-domains.zip
373 kB
2017/05/18 4:58 AM

causes

JBEAP-11108 Elytron migration: single security domain per deployment

Closed

is cloned by

JBEAP-11536 [Doc RFE] '@RunAs' role authorization does not propagate across deployments backed by different Elytron security domains

Closed

Assignee:: Darran Lofthouse

Reporter:: Michal Jurc

Need Info From:: Bilgehan Ozpeynirci, Brad Maxwell, Chris Dolphy, Derek Horton

Votes:: 0 Vote for this issue

Watchers:: 12 Start watching this issue

Created:: 2017/05/18 4:41 AM

Updated:: 2021/10/24 6:31 AM

Resolved:: 2017/06/14 3:37 AM

Details

Description

Attachments

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates