Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Major
Fix Version/s: 11.0.0.Beta1
Affects Version/s: 11.0.0.Alpha1
Component/s: EJB, Security
Labels:
None

Steps to Reproduce:
Hide

copy "other" security-domain to "jmx-console"

deploy SimpleEAR_EJB3.ear

hit http://localhost:8080/SimpleWar/Hello
Show
copy "other" security-domain to "jmx-console" deploy SimpleEAR_EJB3.ear hit http://localhost:8080/SimpleWar/Hello
Git Pull Request:
https://github.com/wildfly/wildfly/pull/10179
Bugzilla References:
https://bugzilla.redhat.com/show_bug.cgi?id=1460347

Having an unsecured EJB in the call stack will cause the RunAs identity to get lost.

An example might look like this:

unsecured web app (RunAs: JBossAdmin) -> unsecured HelloBean EJB -> secured GoodBye EJB (RolesAllowed: JBossAdmin)

This will fail as the unsecured ejb causes the RunAs identity to get dropped/lost.

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List
  - Download All

SimpleEAR_EJB3.ear
10 kB
2017/06/09 3:09 PM

is cloned by

JBEAP-11462 [GSS] (7.1.x) EJB run-as identity gets lost if an unsecured ejb in the call stack

Verified

Assignee:: Darran Lofthouse

Reporter:: Derek Horton

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Created:: 2017/06/09 3:06 PM

Updated:: 2018/04/16 1:21 PM

Resolved:: 2017/06/23 3:52 PM