  1. Application Server 7
  2. AS7-2146

Login-Principal is not propagated to Ejb's SessionContext

Details

    • Bug
    • Resolution: Done
    • Major
    • None
    • 7.0.2.Final
    • EJB, Security
    • None
      • In the forum I provided a little EAR file and the sources that demonstrate the problem.
      • You need a loginModule for the security-domain myDomain. I tried it with org.jboss.security.auth.spi.DatabaseServerLoginModule,
        but you can also reproduce the bug with the following security configuration:
                        <security-domain name="myDomain">
                            <authentication>
                                <login-module code="org.jboss.security.auth.spi.IdentityLoginModule" flag="required">
                                    <module-option name="principal" value="admin"/>
                                    <module-option name="roles" value="superuser"/>
                                </login-module>
                            </authentication>
                        </security-domain>
        
      • Call principal-war/principalViewer.
      • Log in as user admin with role superuser.
      • After the successful login you see that the EJB context is not aware of the freshly logged-in principal in the following request; my app is invalidating the session in this case...

    Description

      Right after a form-based login the principal is not propagated correctly to the EJB session context.

          People

            mmoyses Marcus Moyses (Inactive)
            didier2011 Dieter Tengelmann (Inactive)