JBoss Enterprise Application Platform / JBEAP-11462

[GSS] (7.1.x) EJB run-as identity gets lost if an unsecured ejb in the call stack

    Details

    • Type: Bug
    • Status: Verified
    • Priority: Critical
    • Resolution: Done
    • Affects Version/s: 7.0.5.GA
    • Fix Version/s: 7.1.0.ER2
    • Component/s: EJB, Security
    • Labels:
      None

      Description

      Having an unsecured EJB in the call stack will cause the RunAs identity to get lost.

      An example might look like this:

      unsecured web app (RunAs: JBossAdmin) -> unsecured HelloBean EJB -> secured GoodBye EJB (RolesAllowed: JBossAdmin)

      This will fail as the unsecured ejb causes the RunAs identity to get dropped/lost.
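
      The call chain above written out as deployable classes, as an added illustration that is not taken from the issue or from the JBoss code base. Only HelloBean, GoodBye and JBossAdmin come from the description; HelloServlet, the method names, the `/hello` path and the `other` security domain are assumptions.

```java
// Added illustration: imports are shown once; each "File:" type goes in its own source file of one WAR.
import java.io.IOException;
import javax.annotation.security.DeclareRoles;
import javax.annotation.security.RolesAllowed;
import javax.annotation.security.RunAs;
import javax.ejb.EJB;
import javax.ejb.EJBException;
import javax.ejb.Stateless;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.jboss.ejb3.annotation.SecurityDomain;

// File: HelloServlet.java (hypothetical name). Unsecured web entry point with a run-as role.
@WebServlet("/hello")
@RunAs("JBossAdmin")
public class HelloServlet extends HttpServlet {
    @EJB
    private HelloBean hello;

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        try {
            resp.getWriter().println(hello.sayHello()); // expected when the role propagates: "goodbye"
        } catch (EJBException e) { // the role never reached GoodByeBean (access exception or a wrapper)
            resp.sendError(HttpServletResponse.SC_FORBIDDEN, String.valueOf(e.getMessage()));
        }
    }
}

// File: HelloBean.java. Unsecured EJB: no security domain and no role annotations.
@Stateless
public class HelloBean {
    @EJB
    private GoodByeBean goodBye;

    public String sayHello() { return goodBye.sayGoodBye(); } // passes the call straight through
}

// File: GoodByeBean.java. Secured EJB: only callers in role JBossAdmin may invoke it.
@Stateless
@SecurityDomain("other") // assumption: the server's default security domain
@DeclareRoles("JBossAdmin")
@RolesAllowed("JBossAdmin")
public class GoodByeBean {
    public String sayGoodBye() { return "goodbye"; }
}
```

      Requesting `/hello` on an affected version and on a fixed one gives a quick regression check: a 403 means the run-as role was dropped at HelloBean.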

    People

    • Assignee: Jiri Ondrusek (jondruse)
    • Reporter: Derek Horton (dehort)