  1. JBoss Enterprise Application Platform 4 and 5
  2. JBPAPP-5476

An EJB invocation with runas-identity causes that runas-identity to be used for all invocations of that EJB


    • Bug
    • Resolution: Done
    • Major
    • EAP_EWP 5.1.1
    • EAP_EWP 5.1.0
    • EJB, Security
    • None
    • Release Notes
      A bug in org.jboss.ejb.plugins.SecurityInterceptor caused problems with setting the runas-identity context for method invocations on stateless session EJBs that were not originally runas-deployed.
      Invocations used the identity of any authenticated context sent to the EJB, which resulted in invocations being executed as if the EJB was runas-deployed.
      The only way to stop this behavior was to restart the server.
      SecurityInterceptor now looks at the run-as role of the original EJB, and ensures that runAsRole is available to any calls made by the EJB for declarative security checks.
    • Documented as Resolved Issue

      Need to backport JBAS-8600 to EAP5 branch.

              mmoyses Marcus Moyses (Inactive)
              mmoyses Marcus Moyses (Inactive)
              Jared Morgan Jared Morgan (Inactive)