Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-17210

[GSS](7.2.z) CallerPrincipal will be anonymous (randomly) if EJB2 is called

XMLWordPrintable

    • +
    • Hide

      build the project and deploy ear/target/EJB2EJB3Principal.ear to a fresh server.
      run
      bin/add-user.sh -a -u test -p password1 -g testRole,testRole2
      to add the user
      Execute
      java -cp "SRV_HOME/bin/client/jboss-client.jar:client/target/EJB2EJB3Principal-client.jar:ejb2App/target/EJB2EJB3Principal-ejb2-client.jar:ejb3App/target/EJB2EJB3Principal-ejb3-client.jar Client
      or use "mvn exec:java" in Client directory

      This will show that the EJB3 and EJB2 are called with the correct user and role.

      Now change the security to Elytron by using the quickstart script configure-elytron.cli from the ejb-security quickstart (https://github.com/wildfly/quickstart/blob/master/ejb-security/configure-elytron.cli)

      Show
      build the project and deploy ear/target/EJB2EJB3Principal.ear to a fresh server. run bin/add-user.sh -a -u test -p password1 -g testRole,testRole2 to add the user Execute java -cp "SRV_HOME/bin/client/jboss-client.jar:client/target/EJB2EJB3Principal-client.jar:ejb2App/target/EJB2EJB3Principal-ejb2-client.jar:ejb3App/target/EJB2EJB3Principal-ejb3-client.jar Client or use "mvn exec:java" in Client directory This will show that the EJB3 and EJB2 are called with the correct user and role. Now change the security to Elytron by using the quickstart script configure-elytron.cli from the ejb-security quickstart ( https://github.com/wildfly/quickstart/blob/master/ejb-security/configure-elytron.cli )

      An EJB application which call an EJB2 SLSB will fail (randomly) to show the correct user if getCallerPrincipal is used inside. Also the roles are not set.

      The EJB2 Bean is secured by ejb-jar.xml so it is not expected that it will be called without role

        <assembly-descriptor>
          <method-permission>
            <role-name>testRole</role-name>
            <method>
              <ejb-name>simpleejb.server.SomeEJB2Bean</ejb-name>
              <method-intf>Remote</method-intf>
              <method-name>*</method-name>
            </method>
          </method-permission>
      

      This error is constant seen if the server is up and running but each restart will change the behaviour randomly.
      Note that an EJB3 bean of the same EAR file will work always correctly.

              rhn-support-bmaxwell Brad Maxwell
              rhn-support-wfink Wolf Fink
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

                Created:
                Updated:
                Resolved: