Details
-
Bug
-
Resolution: Done
-
Critical
-
7.0.5.GA
-
None
Description
Having an unsecured EJB in the call stack will cause the RunAs identity to get lost.
An example might look like this:
unsecured web app (RunAs: JBossAdmin) -> unsecured HelloBean EJB -> secured GoodBye EJB (RolesAllowed: JBossAdmin)
This will fail as the unsecured ejb causes the RunAs identity to get dropped/lost.
Attachments
Issue Links
- clones
-
WFLY-8917 EJB run-as identity gets lost if an unsecured ejb in the call stack
- Closed
- is cloned by
-
JBEAP-11632 [GSS] (7.0.z) EJB run-as identity gets lost if an unsecured ejb in the call stack
- Closed
- is related to
-
JBEAP-12160 EJB run-as identity gets lost if an unsecured ejb in the call stack - not fixed in Elytron
- Verified