WildFly / WFLY-8414

EJBContext.getCallerPrincipal behaves differently in Elytron and legacy security

    Details

    • Steps to Reproduce:

      AS TS:

      cd testsuite/integration/basic
      mvn clean test -Delytron -Dwildfly.tmp.enable.elytron.profile.tests=true -Dtest=RemoteIdentityTestCase#testUnsecured
      

      Expected result: Test passing

      Current result:

      RemoteIdentityTestCase.testUnsecured:79 expected:<[anonymous]> but was:<[guest]>
      

      Description

      The EJBContext.getCallerPrincipal() used in an unsecured EJB method returns "anonymous" (i.e. unauthenticatedIdentity) in legacy security, and it returns the authenticated user name when the default security domain ("other") is mapped to Elytron.

      This could complicate users' migration from legacy security to Elytron.

      I'm not sure if this behavior was intended or if it's just a problem of how the Elytron default domain mapping works in ejb3 subsystem.

      If the current getCallerPrincipal behavior is correct, then we should either reuse this JIRA for Documentation changes (especially Migration guide) or close this and create a new Documentation one.

                People

                • Assignee:
                  fjuma Farah Juma
                  Reporter:
                  jcacek Josef Cacek