Details
-
Bug
-
Resolution: Won't Do
-
Major
-
None
-
JBossAS-4.0.5.GA
-
None
Description
My application is using JAAS authentication on web and ejb side. An authenticated user calls a stateless session bean from the web application which uses 'runAs' to change security role and calls a second stateless session bean. The second bean recuperates an 'anonymous' principal but it should be the authenticated user. This does not happen on our production server (JBoss 3.2.7) but on JBoss 4.05.GA.
Test case:
I try to attach my test case (where can I attach it ???) which boils down the problem.
To run it, please
- unzip the file (runAsError.zip)
- you can import the content as a project in Eclipse if you prefer
- change the 'jboss.dist' property in the 'ant.properties' file to your jBoss 4.0.5.GA installation
- run the 'install' target of 'build.xml' which creates a new jboss container called 'runAsError'
- start the 'runAsError' container (run -c runAsError)
- run the 'test' target of 'build.xml'
What happens:
Standalone client calls Session1.hello() with caller principal 'max' . Session1 calls Session2.hello2() using runAs 'internal'. Session2 should get caller principal 'max' but gets 'anonymous'. See Exception that is thrown in SessionBean2.hello2().
It seems to be a different bug than http://jira.jboss.com/jira/browse/JBAS-1852 since I run the JBAS-1852 test and it seemed to work (I had some troubles with the DatabaseServerLoginModule that were probably related to my incompetence .