Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-122

Container-provided security role "**" (EJB 3.2) not working

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Major
    • 7.0.0.DR7
    • 7.0.0.DR1
    • EJB, Security
    • None

    Description

      EJB 3.2 12.3.1 Security Roles:

      A security role with the name “**” is defined by the Container, and is intended to be used by the Bean
      Provider, Application Assembler, or Deployer to indicate that the caller must log on or authenticate to
      invoke a method or to perform some processing requiring membership in this container role. This con-
      tainer security role indicates that authentication, without consideration of role membership, is required.

      This doesn't seem to work in WildFly 9.0.0.CR1 and EAP 7.0.0.DR1. An authenticated user trying to invoke methods annotated @PermitAll("**") gets an EJBAccessException.
      I started preparing tests for this behavior at https://github.com/jmartisk/wildfly/commits/master-ejb32tests-starrole

      It causes failures in:
      InherritanceAnnSFSBTestCase.testSingleMethodAnnotationsUser1
      InherritanceAnnSLSBTestCase.testSingleMethodAnnotationsUser1
      InjectionAnnSFSBtoSFSBTestCase.testSingleMethodAnnotationsUser1
      InjectionAnnSFSBtoSLSBTestCase.testSingleMethodAnnotationsUser1
      InjectionAnnSLSBtoSFSBTestCase.testSingleMethodAnnotationsUser1
      InjectionAnnSLSBtoSLSBTestCase.testSingleMethodAnnotationsUser1
      SingleMethodsAnnSFSBTestCase.testSingleMethodAnnotationsUser1
      SingleMethodsAnnSLSBTestCase.testSingleMethodAnnotationsUser1

      Attachments

        Issue Links

          clones

          Bug - A problem that impairs or prevents the functions of the product. SECURITY-878 Container-provided security role "**" (EJB 3.2) not working

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Resolved

          Activity

            People

              jmartisk@redhat.com Jan Martiska
              jmartisk@redhat.com Jan Martiska
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: