  1. Red Hat Fuse
  2. ENTESB-1672

@RolesAllowed annotation doesn't work with JAAS (karaf and CXF)

Details

    • Bug
    • Resolution: Done
    • Major
    • jboss-fuse-6.2
    • jboss-fuse-6.1

      1. Annotate web service impl with @RolesAllowed("WWW1").
      2. Turn on authorization on CXF Bus

          <cxf:bus>
              <cxf:inInterceptors>
                  <ref component-id="authorizationInterceptor" />
              </cxf:inInterceptors>
          </cxf:bus>
      
          <bean id="authorizationInterceptor" class="org.apache.cxf.interceptor.security.SecureAnnotationsInterceptor">
              <property name="securedObject" ref="ticketService"/>
          </bean>
      

      3. Turn on JAAS authentication on Web Service

    Description

      There is a problem in JBoss Fuse 6.1 with Karaf's JAAS and CXF authorization system.

      That is because Karaf's RolePrincipal does not implement Group as CXF expected. Instead, it implements Principal, so CXF thinks that the 1st role name is a username. As a result, the 1st role is ignored and the request is rejected, unless the user has more roles required to invoke a service. If so, the second role is taken and the request is processed.

      This problem is already solved by this issue: https://issues.apache.org/jira/browse/CXF-5603

      We just need to backport it to the next bug-fix release of JBoss Fuse 6.
      The sooner the better, because one of our customers is about to use it.
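
An added example, not part of the original report and not CXF or Karaf code: a simplified Java model of the role check described above, showing how a role that is only a plain Principal gets consumed as the username. The `Group` stand-in interface, the `User`, `PlainRole` and `GroupRole` classes, the user name and the principal ordering are all assumptions made for illustration.

```java
import java.security.Principal;
import java.util.Arrays;
import java.util.List;

public class RoleCheckDemo {
    /** Hypothetical stand-in for the Group interface that role principals are expected to implement. */
    interface Group extends Principal {}

    abstract static class Named implements Principal {
        private final String name;
        Named(String name) { this.name = name; }
        @Override public String getName() { return name; }
    }
    /** Authenticated user, a plain Principal. */
    static class User extends Named { User(String n) { super(n); } }
    /** Role that is only a plain Principal (the situation the report describes). */
    static class PlainRole extends Named { PlainRole(String n) { super(n); } }
    /** Role that does implement the group-style interface. */
    static class GroupRole extends Named implements Group { GroupRole(String n) { super(n); } }

    /**
     * Simplified model of the check: the first principal that is not a Group is
     * taken to be the user, and that same principal is never matched as a role.
     */
    static boolean isUserInRole(List<Principal> principals, String role) {
        Principal user = null;
        for (Principal p : principals) {
            if (!(p instanceof Group)) { user = p; break; }
        }
        for (Principal p : principals) {
            if (p != user && role.equals(p.getName())) return true;
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed principal lists; the role principal is placed first (assumed ordering).
        List<Principal> oneRole = Arrays.asList(new PlainRole("WWW1"), new User("alice"));
        List<Principal> twoRoles = Arrays.asList(
                new PlainRole("OTHER"), new PlainRole("WWW1"), new User("alice"));
        List<Principal> groupRole = Arrays.asList(new GroupRole("WWW1"), new User("alice"));

        System.out.println("only role is a plain Principal: " + isUserInRole(oneRole, "WWW1"));
        System.out.println("required role is listed second: " + isUserInRole(twoRoles, "WWW1"));
        System.out.println("role implements Group:          " + isUserInRole(groupRole, "WWW1"));
    }
}
```

A regression test for the backport can assert the same three cases against the real security context, with a user that holds exactly one role.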

          People

            pklimcza_jira Piotr Klimczak (Inactive)