-
Bug
-
Resolution: Done
-
Major
-
None
-
None
The @RunAs/@RunAsPrincipal annotations get ignored when used on a singleton
bean that is annotated with @Startup. This means the the singleton bean
is not able to call protected EJBs.
If the protected EJB is annotated with @PermitAll, then the
singleton is able to invoke the method because the
AuthorizationInterceptor create an "anonymous" user that is treated as
authenticated. However, the @RunAsPrincipal is ignored as the
getCallerPrincipal() returns anonymous instead of the @RunAsPrincipal.
I dug around in the code and it looks like the @RunAs/@RunAsPrincipal
annotations are getting handled correctly during deployment:
Step completed: "thread=MSC service thread 1-3", org.jboss.as.ejb3.deployment.processors.merging.RunAsMergingProcessor.handleDeploymentDescriptor(), line=126 bci=249
MSC service thread 1-3[1] print componentConfiguration.getRunAs()
componentConfiguration.getRunAs() = "JBossAdmin"
MSC service thread 1-3[1] print componentConfiguration.getRunAsPrincipal()
componentConfiguration.getRunAsPrincipal() = "fred"
However, by the time the SecurityContextInterceptor is called, the
runAs/runAsPrincipal settings are null.
- relates to
-
WFLY-9039 EJB with Elytron propagate identity even when it should not
- Closed
-
JBEAP-14307 [GSS](7.1.z) @RunAs/@RunAsPrincipal are ignored for @Startup/@Singleton bean
- Closed