  1. JBoss Enterprise Application Platform
  2. JBEAP-9563

EJB client authenticated through LOCAL auth doesn't establish a security context for invocations


Details

    • Bug
    • Resolution: Done
    • Blocker
    • 7.1.0.DR14
    • 7.1.0.DR13
    • EJB, Security
    • None
    • Regression
    • Follow the instructions in the attached reproducer archive.

    Description

      When an EJB client uses JBOSS-LOCAL-USER for silent authentication, then during invocations it is seen as anonymous instead of $local.
      This also means that it is not able to invoke methods annotated with @RolesAllowed("**"), which is supposed to allow everyone with an established security context.

      On EAP 7.0.0, this works as expected: the EJB calls are performed as the user named $local, and it is allowed to invoke methods annotated with @RolesAllowed("**").
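A minimal regression check for the behaviour described above, as an added example that is not the attached reproducer or project code. The names WhoAmI, WhoAmIBean and LocalAuthCheck are hypothetical; it assumes the bean runs under the server's default EJB security domain and that the client obtains the remote proxy in the usual way for its EAP version, with no credentials configured, from the same host as the server.

```java
// Constructed example: type names are hypothetical; each type belongs in its own file.
import javax.annotation.Resource;
import javax.annotation.security.PermitAll;
import javax.annotation.security.RolesAllowed;
import javax.ejb.EJBAccessException;
import javax.ejb.Remote;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;

// --- WhoAmI.java (remote business interface shared by server and client) ---
@Remote
public interface WhoAmI {
    String callerName();         // open to everyone, reports the identity the server sees
    String authenticatedOnly();  // requires an established security context
}

// --- WhoAmIBean.java (server side) ---
@Stateless
public class WhoAmIBean implements WhoAmI {
    @Resource
    private SessionContext ctx;

    @PermitAll
    public String callerName() {
        return ctx.getCallerPrincipal().getName();
    }

    // "**" means any authenticated caller, whatever roles it holds.
    @RolesAllowed("**")
    public String authenticatedOnly() {
        return ctx.getCallerPrincipal().getName();
    }
}

// --- LocalAuthCheck.java (client side; proxy lookup is left to the caller) ---
public class LocalAuthCheck {
    /** Returns "OK" when the invocation runs as $local and the "**" method is reachable. */
    public static String check(WhoAmI bean) {
        String seenAs = bean.callerName();
        try {
            bean.authenticatedOnly();
        } catch (EJBAccessException denied) {
            // The regression: no security context, so the "**" method is refused.
            return "FAIL: caller seen as '" + seenAs + "', @RolesAllowed(\"**\") denied";
        }
        return "$local".equals(seenAs) ? "OK" : "FAIL: caller seen as '" + seenAs + "'";
    }
}
```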


          People

            dlloyd@redhat.com David Lloyd
            jmartisk@redhat.com Jan Martiska