Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-11632

[GSS] (7.0.z) EJB run-as identity gets lost if an unsecured ejb in the call stack

    Details

      Description

      Having an unsecured EJB in the call stack will cause the RunAs identity to get lost.

      An example might look like this:

      unsecured web app (RunAs: JBossAdmin) -> unsecured HelloBean EJB -> secured GoodBye EJB (RolesAllowed: JBossAdmin)

      This will fail as the unsecured ejb causes the RunAs identity to get dropped/lost.

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  baranowb Bartosz Baranowski
                  Reporter:
                  jondruse Jiri Ondrusek
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  4 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: