Uploaded image for project: 'WildFly'
  1. WildFly
  2. WFLY-17781

Ensure a virtual SecurityDomain is created if necessary when an EJB references a virtual security domain

    XMLWordPrintable

Details

    • Task
    • Resolution: Done
    • Blocker
    • 28.0.0.Final
    • None
    • Security
    • None

    Description

      Currently, the automatic creation of a virtual SecurityDomain doesn't happen until processing a deployment. This can be problematic when we have two deployments, say EAR#1 and EAR#2, where:

      • We want to secure an EJB in EAR#2 with the same virtual security domain that was used to secure a servlet from EAR #1.

      AND

      • EAR#1 depends on EAR#2 being deployed first.

      EAR#2 needs the virtual SecurityDomain that's used to secure EAR#1 in order for deployment to succeed (since EJBSecurityDomainService#start relies on the SecurityDomain being available, it's not enough for just the virtual-security-domain resource to have been defined).

      Currently, the automatic creation of a virtual SecurityDomain doesn't happen until processing a deployment. Thus, if EAR#2 needs to be deployed before EAR#1, the virtual SecurityDomain associated with EAR#1 won't be available yet.

      We need to ensure a virtual SecurityDomain is created if necessary when an EJB references a virtual security domain.

      With this change, a test should also be added to OidcIdentityPropagationTestCase to ensure that an EJB in EAR#2 can successfully use a @SecurityDomain annotation to specify that it should be secured using the same virtual security domain used for EAR#1.

      Attachments

        Issue Links

          is cloned by

          Task - Represents a small unit of work that is not end-user facing. JBEAP-24663 Ensure a virtual SecurityDomain is created if necessary when an EJB references a virtual security domain

          • Blocker - To be worked above all other priorities. This term is chosen when the severity of the issue is very high, has no workaround, or the effort for the change is comparatively low. Issues that may be very publicly visible and could generate significant media attention may also drive a higher priority.
          • Closed

          Task - Represents a small unit of work that is not end-user facing. WFCORE-6271 Add a service that can be used to ensure a virtual SecurityDomain associated with a virtual-security-domain resource has been created

          • Critical - To be worked on immediately following BLOCKER issues.
          • Closed
          relates to

          Feature Request - Feature requests from customers and/or users WFLY-16793 Support for identity propagation from a WAR to an EJB in an EAR when using OIDC

          • Blocker - To be worked above all other priorities. This term is chosen when the severity of the issue is very high, has no workaround, or the effort for the change is comparatively low. Issues that may be very publicly visible and could generate significant media attention may also drive a higher priority.
          • Closed

          Activity

            People

              fjuma1@redhat.com Farah Juma
              fjuma1@redhat.com Farah Juma
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: