Uploaded image for project: 'WildFly'
  1. WildFly
  2. WFLY-9039

EJB with Elytron propagate identity even when it should not

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Blocker
    • 11.0.0.Beta1
    • 11.0.0.Alpha1
    • Security
    • None
    • Hide 
      mvn clean install -Dwildfly.tmp.enable.invocation.tests=true -DallTests -pl testsuite/integration/basic -Dtest=org.jboss.as.test.integration.ejb.security.RunAsPrincipalTestCase#testSingletonPostconstructSecurityNotPropagating
      Show
      mvn clean install -Dwildfly.tmp.enable.invocation.tests= true -DallTests -pl testsuite/integration/basic -Dtest=org.jboss.as.test.integration.ejb.security.RunAsPrincipalTestCase#testSingletonPostconstructSecurityNotPropagating

    Description

      In RunAsPrincipalTestCase#testSingletonPostconstructSecurityNotPropagating, when Elytron enabled, identity (including Admin role) is propagated into StatelessBBean:

      StatelessSingletonUseBean
SimpleSingletonBean
| check Admin in [Admin] (has required role)
StatelessBBean

      In non-Elytron case the check is unsuccessful as test require, because identity is not propagated:

      StatelessSingletonUseBean
SimpleSingletonBean
| authorize
EXCEPTION
 methodRoles = Admin
 securityContext.subjectInfo = anonymouse

      This is lack of WFLY-981 fix when Elytron used: Identity is propagated from @PostConstruct method.

      Attachments

        Issue Links

          blocks

          Task - Represents a small unit of work that is not end-user facing. WFLY-8984 Fix tests which currently fail with -Dwildfly.tmp.enable.elytron.profile.tests

          • Blocker - To be worked above all other priorities. This term is chosen when the severity of the issue is very high, has no workaround, or the effort for the change is comparatively low. Issues that may be very publicly visible and could generate significant media attention may also drive a higher priority.
          • Closed
          is cloned by

          Bug - A problem that impairs or prevents the functions of the product. JBEAP-11913 EJB with Elytron propagate identity even when it should not

          • Blocker - To be worked above all other priorities. This term is chosen when the severity of the issue is very high, has no workaround, or the effort for the change is comparatively low. Issues that may be very publicly visible and could generate significant media attention may also drive a higher priority.
          • Verified
          is related to

          Bug - A problem that impairs or prevents the functions of the product. WFLY-981 @RunAs/@RunAsPrincipal are ignored for @Startup/@Singleton bean

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Activity

            People

              jkalina@redhat.com Jan Kalina (Inactive)
              jkalina@redhat.com Jan Kalina (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: