-
Bug
-
Resolution: Unresolved
-
Major
-
None
-
None
-
None
Security context propagation with using Elytron outflow-security-domains attribute in security domain doesn't work for Servlet-to-EJB calls.
This could also be a test configuration issue, but as there is not yet documentation covering this area, I can't guess what could be wrong in the scenario.
1. I have 2 similar web applications with servlets and EJBs:
- the `secured-webapp` is mapped to `web-tests` security domain
- the `second` application is mapped to `second-domain` security domain
2. Undertow and EJB subsystems maps the application domains `web-tests` and `second-domain` to Elytron domains with the same name.
3. trust between the domains is defined in following way:
/subsystem=elytron/security-domain=second-domain:write-attribute(name=outflow-security-domains,value=[web-tests]) /subsystem=elytron/security-domain=second-domain:write-attribute(name=trusted-security-domains, value=[web-tests]) /subsystem=elytron/security-domain=web-tests:write-attribute(name=trusted-security-domains, value=[second-domain])
4. the test itself calls servlet from the `second` web application and it calls protected EJB from the `secured-webapp`.
The EJB call fails with EJBAccessException
14:30:04,631 ERROR [org.jboss.as.ejb3.invocation] (default task-3) WFLYEJB0034: EJB Invocation failed on component HelloBean for method public abstract java.lang.String org.jboss.test.ejb.Hello.sayHello(): javax.ejb.EJBAccessException: WFLYEJB0364: Invocation on method: public abstract java.lang.String org.jboss.test.ejb.Hello.sayHello() of bean: HelloBean is not allowed
- clones
-
JBEAP-10320 Elytron outflow-security-domains doesn't work for Servlet-to-EJB calls
- Closed