  1. Application Server 7
  2. AS7-2146

Login-Principal is not propagated to Ejb's SessionContext

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Done
    • Affects Version/s: 7.0.2.Final
    • Fix Version/s: None
    • Component/s: EJB, Security
    • Labels:
      None
    • Steps to Reproduce:
      • In the forum I provided a little ear file and the sources that demonstrate the problem
      • You need a login module for the security domain myDomain. I tried it with org.jboss.security.auth.spi.DatabaseServerLoginModule,
        but you can also reproduce the bug with the following security configuration:
                        <security-domain name="myDomain">
                            <authentication>
                                <login-module code="org.jboss.security.auth.spi.IdentityLoginModule" flag="required">
                                    <module-option name="principal" value="admin"/>
                                    <module-option name="roles" value="superuser"/>
                                </login-module>
                            </authentication>
                        </security-domain>
        
      • Call principal-war/principalViewer
      • Log in as user admin with role superuser
      • After the successful login you see that the EJB context is not aware of the freshly logged-in principal in the following request; my app is invalidating the session in this case...

      Description

      Right after a form based login the principal is not propagated correctly to the EJB session context.
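
      A diagnostic for the symptom described in this report, added here as an example; it is not taken from the reporter's EAR or from the AS7 code base. It compares the principal the web container holds after form login with the one the EJB container reports, and fails closed on a mismatch. The class names and the /principalCheck path are hypothetical, and it assumes both the WAR and the EJB are bound to the security domain myDomain and that the URL sits behind a form-login security constraint.

```java
// Added diagnostic sketch using standard Java EE 6 (javax.*) APIs.
// Class names are hypothetical; each public class goes in its own .java file.

// --- PrincipalProbe.java ---
import javax.annotation.Resource;
import javax.annotation.security.PermitAll;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;

@Stateless
@PermitAll // the probe must stay callable even when the propagated identity is wrong
public class PrincipalProbe {
    @Resource
    private SessionContext ctx;

    /** Name of the caller as the EJB container sees it. */
    public String callerName() {
        return ctx.getCallerPrincipal().getName();
    }
}

// --- PrincipalCheckServlet.java ---
import java.io.IOException;
import java.security.Principal;
import javax.ejb.EJB;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

@WebServlet("/principalCheck")
public class PrincipalCheckServlet extends HttpServlet {
    @EJB
    private PrincipalProbe probe;

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        Principal web = req.getUserPrincipal();          // identity from the form login
        String webName = (web == null) ? null : web.getName();
        String ejbName = probe.callerName();             // identity seen in the EJB tier
        if (webName == null || !webName.equals(ejbName)) {
            // Fail closed: EJB-side authorization would run against the wrong identity.
            log("principal mismatch: web=" + webName + " ejb=" + ejbName);
            resp.sendError(HttpServletResponse.SC_FORBIDDEN, "caller identity not propagated");
            return;
        }
        resp.setContentType("text/plain");
        resp.getWriter().println("web and EJB principal agree: " + webName);
    }
}
```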

              People

              • Assignee:
                mmoyses Marcus Moyses
                Reporter:
                didier2011 Dieter Tengelmann
              • Votes:
                0
                Watchers:
                2
