WildFly / WFLY-8414

EJBContext.getCallerPrincipal behaves differently in Elytron and legacy security


Details

    • Bug
    • Resolution: Done
    • Major
    • 11.0.0.Beta1
    • None
    • EJB, Security
    • None

      AS TS:

      cd testsuite/integration/basic
      mvn clean test -Delytron -Dwildfly.tmp.enable.elytron.profile.tests=true -Dtest=RemoteIdentityTestCase#testUnsecured
      

      Expected result: Test passing

      Current result:

      RemoteIdentityTestCase.testUnsecured:79 expected:<[anonymous]> but was:<[guest]>
      

    Description

      The EJBContext.getCallerPrincipal() used in an unsecured EJB method returns "anonymous" (i.e. unauthenticatedIdentity) in legacy security, and it returns the authenticated user-name when the default security domain ("other") is mapped to Elytron.

      This could complicate users' migration from legacy security to Elytron.

      I'm not sure if this behavior was intended or if it's just a problem of how the Elytron default domain mapping works in the ejb3 subsystem.

      If the current getCallerPrincipal behavior is correct, then we should either reuse this JIRA for Documentation changes (especially Migration guide) or close this and create a new Documentation one.

            People

              fjuma1@redhat.com Farah Juma
              josef.cacek@gmail.com Josef Cacek (Inactive)