Loading...

Type: Bug
Resolution: Done
Priority: Critical
Fix Version/s: 7.1.0.ER3
Affects Version/s: 7.1.0.DR17, 7.1.0.DR18, 7.1.0.DR19
Component/s: EJB, Security
Labels:
None

Affects Testing:

Blocks Testing
CDW blocker:
CDW devel_ack:
CDW docs_ack:
CDW pm_ack:
CDW qa_ack:
CDW release:
Target Release:

7.1.0.GA
Steps to Reproduce:
Hide

Run the following command in WildFly Test Suite Integration/Basic module with Elytron profile:

mvn clean test -Dtest=AsynchronousSecurityTestCase#testAsynchSecurityMethod -Delytron -Dwildfly.tmp.enable.elytron.profile.tests
Show
Run the following command in WildFly Test Suite Integration/Basic module with Elytron profile: mvn clean test -Dtest=AsynchronousSecurityTestCase#testAsynchSecurityMethod -Delytron -Dwildfly.tmp.enable.elytron.profile.tests

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Upon attempt to Future.get of asynchronous method from EJB with authenticated SecurityIdentity in same VM as EJB, the method fails:

asynchronous in-VM invocation

        Callable<Boolean> callable = () -> {
            Future<Boolean> future = securedBean.method();
            SecuredStatelessBean.startLatch.countDown();
            return future.get();
        };
        result = Util.switchIdentity("somebody", "password", callable);
        Assert.assertTrue(result);

Util.switchIdentity

final SecurityDomain securityDomain = SecurityDomain.getCurrent();
                if (securityDomain != null) {
                    // elytron is enabled, use the new way to switch the identity
                    final SecurityIdentity securityIdentity = securityDomain.authenticate(username, new PasswordGuessEvidence(password.toCharArray()));
                    initialAuthSucceeded = true;
                    return securityIdentity.runAs(callable);
                }

exception

javax.ejb.EJBAccessException: WFLYEJB0364: Invocation on method: public abstract java.util.concurrent.Future org.jboss.as.test.integration.ejb.security.asynchronous.SecuredStatelessRemote.method() throws java.lang.InterruptedException,java.util.concurrent.ExecutionException of bean: SecuredStatelessBean is not allowed
	at org.jboss.as.ejb3.security.RolesAllowedInterceptor.processInvocation(RolesAllowedInterceptor.java:67)
	at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
	at org.jboss.as.ejb3.security.SecurityDomainInterceptor.processInvocation(SecurityDomainInterceptor.java:44)
	at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
	at org.jboss.as.ejb3.deployment.processors.StartupAwaitInterceptor.processInvocation(StartupAwaitInterceptor.java:22)
	at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
	at org.jboss.as.ejb3.component.interceptors.ShutDownInterceptorFactory$1.processInvocation(ShutDownInterceptorFactory.java:64)
	at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
	at org.jboss.as.ejb3.deployment.processors.EjbSuspendInterceptor.processInvocation(EjbSuspendInterceptor.java:45)
	at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
	at org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:67)
	at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
	at org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50)
	at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
	at org.jboss.as.ejb3.component.interceptors.AdditionalSetupInterceptor.processInvocation(AdditionalSetupInterceptor.java:54)
	at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
	at org.jboss.invocation.ContextClassLoaderInterceptor.processInvocation(ContextClassLoaderInterceptor.java:60)
	at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
	at org.jboss.invocation.InterceptorContext.run(InterceptorContext.java:256)
	at org.wildfly.security.manager.WildFlySecurityManager.doChecked(WildFlySecurityManager.java:609)
	at org.jboss.invocation.AccessCheckingInterceptor.processInvocation(AccessCheckingInterceptor.java:57)
	at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
	at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:53)
	at org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:198)
	at org.jboss.as.ejb3.remote.LocalEjbReceiver.lambda$processInvocation$0(LocalEjbReceiver.java:201)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
	at java.lang.Thread.run(Thread.java:748)
	at org.jboss.threads.JBossThread.run(JBossThread.java:320)

Invocation of synchronous method in the same bean with same credentials in Util.switchIdentity method will be successfully authorised.

causes

JBEAP-9080 EJB security tests are failing in AS TS with Elytron profile

Closed

is caused by

ELY-1281 SecurityDomain.authenticate() propagates credentials inappropriately

Resolved

ELY-1212 The forward identity should be captured in AuthenticationContextConfigurationClient.getAuthenticationConfiguration()

Resolved

JBEAP-11933 Security identity not propagated into asynchronous task (elytron)

Closed

is incorporated by

JBEAP-12265 Upgrade WildFly Elytron to 1.1.0.CR3

Closed

JBEAP-11459 Upgrade WildFly Elytron to 1.1.0.Beta54

Closed

JBEAP-11931 (7.1.0) Upgrade to WildFly Core to 3.0.0.Beta30

Closed

is related to

JBEAP-11560 Fix tests which currently fail with -Dwildfly.tmp.enable.elytron.profile.tests

Closed

relates to

JBEAP-9752 ClientLoginModule does not work with Elytron secured EJBs for In-VM Calls e.g. Servlet to Bean or Bean to Bean

Closed

(2 is incorporated by, 1 is related to, 1 relates to)

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates