Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-15279

[GSS](7.1.z) WildFlyInitialContextFactory EJB proxy security behavior inconsistent with different context lookups

    Details

    • Type: Bug
    • Status: Pull Request Sent (View Workflow)
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 7.1.4.GA
    • Fix Version/s: None
    • Component/s: EJB
    • Labels:
      None

      Description

      WildFlyInitialContextFactory EJB proxy security behavior inconsistent with different context lookups

      Using WildFlyInitialContextFactory and calling a remote EJB server.

      Observations:

      1) If the ejb lookup is "reproducer/TestSLSB!test.Test" (basically like a RemoteNaming lookup), the ejb is invoked successfully, but the caller is seen as anonymous instead of the ejbuser which is specified in the Context properties.

      Using the ejb-client type lookup: ejb:/reproducer/TestSLSB!test.Test , then it shows up as ejbuser as expected

      2) if a client creates 2 InitialContexts and uses the lookup reproducer/TestSLSB!test.Test" on ctx1 , then uses the lookup "ejb:/reproducer/TestSLSB!test.Test " on ctx2 in that order, then they both show anonymous (as if it uses only the context that was created first).

      If you switch the order, and use ejb:/reproducer/TestSLSB!test.Test first, then they both show ejbuser

        Gliffy Diagrams

          Attachments

          1. reproducer.jar
            6 kB
          2. reproducer.jar
            6 kB
          3. server.log
            58 kB

            Issue Links

              Activity

                People

                • Assignee:
                  baranowb Bartosz Baranowski
                  Reporter:
                  bmaxwell Brad Maxwell
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  5 Start watching this issue

                  Dates

                  • Created:
                    Updated:

                    Time Tracking

                    Estimated:
                    Original Estimate - 3 days
                    3d
                    Remaining:
                    Remaining Estimate - 3 days
                    3d
                    Logged:
                    Time Spent - Not Specified
                    Not Specified