Details
-
Bug
-
Resolution: Won't Do
-
Critical
-
7.0.6.GA
Description
Having an unsecured EJB in the call stack will cause the RunAs identity to get lost.
An example might look like this:
unsecured web app (RunAs: JBossAdmin) -> unsecured HelloBean EJB -> secured GoodBye EJB (RolesAllowed: JBossAdmin)
This will fail as the unsecured ejb causes the RunAs identity to get dropped/lost.
Attachments
Issue Links
- clones
-
JBEAP-11462 [GSS] (7.1.x) EJB run-as identity gets lost if an unsecured ejb in the call stack
- Verified