Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-9563

EJB client authenticated through LOCAL auth doesn't establish a security context for invocations

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Blocker Blocker
    • 7.1.0.DR14
    • 7.1.0.DR13
    • EJB, Security
    • None
    • Regression
    • Hide

      Follow the instructions in the attached reproducer archive.

      Show
      Follow the instructions in the attached reproducer archive.

      When EJB client uses JBOSS-LOCAL-USER for silent authentication, then during invocations, he is seen as anonymous instead of $local.
      This also means that he is not able to invoke methods annotated with @RolesAllowed("**") which is supposed to allow everyone with an established security context.

      On EAP 7.0.0, this works as expected and the EJB calls are performed as the user named $local and it is allowed to invoke methods annotated @RolesAllowed("**")

        1. jbeap9563reproducer.zip
          43 kB

              dlloyd@redhat.com David Lloyd
              jmartisk@redhat.com Jan Martiska
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: