Details
-
Bug
-
Resolution: Done
-
Major
-
11.0.0.Alpha1
-
None
Description
Having an unsecured EJB in the call stack will cause the RunAs identity to get lost.
An example might look like this:
unsecured web app (RunAs: JBossAdmin) -> unsecured HelloBean EJB -> secured GoodBye EJB (RolesAllowed: JBossAdmin)
This will fail as the unsecured ejb causes the RunAs identity to get dropped/lost.
Attachments
Issue Links
- is cloned by
-
JBEAP-11462 [GSS] (7.1.x) EJB run-as identity gets lost if an unsecured ejb in the call stack
- Verified