Status: Closed
3 session beans: @RunAs("printer") Printer, which calls HelperBean (no security annotations), which calls @RolesAllowed("printer") Toner. The last invocation results in:
javax.ejb.EJBAccessException: JBAS014502: Invocation on method: public void org.jboss.as.test.integration.ejb.security.runas.propagation.Toner.spill() of bean: Toner is not allowed
Printer calling Toner (directly) works just fine. And if the HelperBean is a CDI managed bean, it works just fine too.
According to the EJB spec, 12 Security management, 12.1 Overview:
"By default, the caller principal will be propagated as the caller identity. The Bean Provider can use the RunAs annotation to specify that a security principal that has been assigned to a specified security role be used instead. See Section 12.3.4."
12.3.4 Specification of Security Identities in the Deployment Descriptor:
"The Bean Provider or Application Assembler typically specifies whether the caller’s security identity should be used for the execution of the methods of an enterprise bean or whether a specific run-as identity should be used. By default the caller’s security identity is used."
A somewhat more sophisticated test is available at: https://github.com/bafco/wildfly/commits/securityContext
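The bean chain described in this report, sketched as an added example (it is not the test code from the linked branch). The method names other than spill() are assumptions, and the three classes are separate source files deployed together to an EJB container.

```java
// --- Printer.java ---
import javax.annotation.security.RunAs;
import javax.ejb.EJB;
import javax.ejb.Stateless;

@Stateless
@RunAs("printer")   // outgoing calls should carry a principal in role "printer"
public class Printer {
    @EJB private Toner toner;
    @EJB private HelperBean helper;

    // Hypothetical method: direct call, reported as working.
    public void printDirect() { toner.spill(); }

    // Hypothetical method: call through the unannotated helper, reported as failing.
    public void printViaHelper() { helper.useToner(); }
}

// --- HelperBean.java ---
import javax.ejb.EJB;
import javax.ejb.Stateless;

@Stateless          // no security annotations: the caller identity is used by default
public class HelperBean {
    @EJB private Toner toner;

    // Hypothetical method: the report's EJBAccessException (JBAS014502) surfaces on this call.
    public void useToner() { toner.spill(); }
}

// --- Toner.java ---
import javax.annotation.security.RolesAllowed;
import javax.ejb.Stateless;

@Stateless
@RolesAllowed("printer")   // only callers in role "printer" may invoke
public class Toner {
    public void spill() { /* body irrelevant to the authorization check */ }
}
```

A regression test for this case would invoke both Printer methods and expect neither to throw, since the spec text quoted above has HelperBean pass on the identity it was called with.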