Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Done
Priority: Critical
Fix Version/s: 11.0.0.Beta1
Affects Version/s: None
Component/s: EJB, Security
Labels:
None

Steps to Reproduce:
Hide

Run the following command in WildFly Test Suite Integration/Basic module with Elytron profile:

mvn clean test -Dtest=MissingMethodPermissionsDefaultAllowedTestCase -Delytron -Dwildfly.tmp.enable.elytron.profile.tests

The test deployment will have no security domain associated with it and fall back to CLM authentication, therefore failing the tests.
Show
Run the following command in WildFly Test Suite Integration/Basic module with Elytron profile: mvn clean test -Dtest=MissingMethodPermissionsDefaultAllowedTestCase -Delytron -Dwildfly.tmp.enable.elytron.profile.tests The test deployment will have no security domain associated with it and fall back to CLM authentication, therefore failing the tests.

Description

Suppose a deployment with EJB with security related annotations (for example @RolesAllowed) but without a @SecurityDomain annotation. If the EAP running the deployment has attribute default-security-domain in /subsystem=ejb3 defined, this will be used for any bean without security domain used in deployment. This works with PicketBox domains, however, if an Elytron security domain is defined as default, no such domain will be associated with the deployment.

This also causes failure of org.jboss.as.test.integration.ejb.security.missingmethodpermission.*TestCase tests in integration/basic module in test suite.

Attachments

Issue Links

clones

JBEAP-11483 MissingMethodPermissionsDefaultAllowedTestCase and MissingMethodPermissionsTestCase fail when run with the Elytron profile enabled

Verified

Activity

People

Assignee:: Farah Juma

Reporter:: Farah Juma

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 2017/06/19 11:03 AM

Updated:: 2017/12/06 11:47 AM

Resolved:: 2017/06/20 10:58 AM