Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Done
Priority: Blocker
Fix Version/s: 7.1.0.DR14
Affects Version/s: 7.1.0.DR12
Component/s: EJB, Security
Labels:

Target Release:

7.1.0.GA
Git Pull Request:
https://github.com/jbossas/jboss-ejb-client/pull/218, https://github.com/wildfly-security-incubator/wildfly/pull/116

SFDC Cases Counter:
SFDC Cases Links:

Description

The client always gets the invocation is not allowed error.

TRACE logs:

17:17:01,075 TRACE [org.wildfly.security] (default I/O-5) Handling MechanismInformationCallback
17:17:01,077 TRACE [org.wildfly.security] (default I/O-5) Handling MechanismInformationCallback
17:17:01,078 TRACE [org.wildfly.security] (default I/O-5) Handling AvailableRealmsCallback: realms = [ApplicationRealm]
17:17:01,300 TRACE [org.wildfly.security] (default task-2) Handling RealmCallback: selected = [ApplicationRealm]
17:17:01,300 TRACE [org.wildfly.security] (default task-2) Handling NameCallback: authenticationName = joe
17:17:01,301 TRACE [org.wildfly.security] (default task-2) Principal assigning: [joe], pre-realm rewritten: [joe], realm name: [ApplicationRealm], post realm rewritten: [joe], realm rewritten: [joe]
17:17:01,309 TRACE [org.wildfly.security] (default task-2) Handling CredentialCallback: obtained successfully
17:17:01,311 TRACE [org.wildfly.security] (default task-2) Role mapping: principal [joe] -> decoded roles [users] -> realm mapped roles [users] -> domain mapped roles [users]
17:17:01,311 TRACE [org.wildfly.security] (default task-2) Authorizing principal joe.
17:17:01,312 TRACE [org.wildfly.security] (default task-2) Authorizing against the following attributes: [groups] => [users]
17:17:01,313 TRACE [org.wildfly.security] (default task-2) Permission mapping: identity [joe] with roles [users] implies ("org.wildfly.security.auth.permission.LoginPermission" "") = true
17:17:01,326 TRACE [org.wildfly.security] (default task-2) Authorization succeed
17:17:01,329 TRACE [org.wildfly.security] (default task-2) RunAs authorization succeed - the same identity
17:17:01,329 TRACE [org.wildfly.security] (default task-2) Handling AuthorizeCallback: authenticationID = joe  authorizationID = joe  authorized = true
17:17:01,329 TRACE [org.wildfly.security] (default task-2) Handling AuthenticationCompleteCallback: succeed
17:17:01,332 TRACE [org.wildfly.security] (default task-2) Handling SecurityIdentityCallback: identity = org.wildfly.security.auth.server.SecurityIdentity@719b1c62
17:17:01,543 TRACE [org.wildfly.security] (default task-6) Role mapping: principal [anonymous] -> decoded roles [] -> realm mapped roles [] -> domain mapped roles []
17:17:01,544 ERROR [org.jboss.as.ejb3.invocation] (default task-6) WFLYEJB0034: EJB Invocation failed on component HelloBean for method public abstract java.lang.String ejb.HelloBeanRemote.hello(): javax.ejb.EJBAccessException: WFLYEJB0364: Invocation on method: public abstract java.lang.String ejb.HelloBeanRemote.hello() of bean: HelloBean is not allowed

From the log it looks like the DIGEST authentication succeeds and the client is linked to a principal, but at 17:17:01,543 the principal is lost and the EJB is invoked as anonymous, which fails.

Attaching a project which reproduces this.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

jbeap8970reproducer.zip
46 kB
2017/02/20 11:23 AM
standalone-elytron.xml
26 kB
2017/02/21 1:00 AM

Activity

People

Assignee:: Farah Juma

Reporter:: Jan Martiska

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 2017/02/20 11:21 AM

Updated:: 2021/10/24 6:31 AM

Resolved:: 2017/03/07 10:01 AM