Uploaded image for project: 'WildFly'
  1. WildFly
  2. WFLY-8917

EJB run-as identity gets lost if an unsecured ejb in the call stack

    Details

      Description

      Having an unsecured EJB in the call stack will cause the RunAs identity to get lost.

      An example might look like this:

      unsecured web app (RunAs: JBossAdmin) -> unsecured HelloBean EJB -> secured GoodBye EJB (RolesAllowed: JBossAdmin)

      This will fail as the unsecured ejb causes the RunAs identity to get dropped/lost.

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  dlofthouse Darran Lofthouse
                  Reporter:
                  dehort Derek Horton
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  4 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: