Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Done
Priority: Critical
Fix Version/s: 7.1.0.ER2
Affects Version/s: 7.0.5.GA
Component/s: EJB, Security
Labels:
None

Bugzilla References:
https://bugzilla.redhat.com/show_bug.cgi?id=1335299
Target Release:

7.1.0.GA
Git Pull Request:
https://github.com/jbossas/jboss-eap7/pull/2027
Steps to Reproduce:
Hide

copy "other" security-domain to "jmx-console"

deploy SimpleEAR_EJB3.ear

hit http://localhost:8080/SimpleWar/Hello
Show
copy "other" security-domain to "jmx-console" deploy SimpleEAR_EJB3.ear hit http://localhost:8080/SimpleWar/Hello

SFDC Cases Counter:
SFDC Cases Links:

Description

Having an unsecured EJB in the call stack will cause the RunAs identity to get lost.

An example might look like this:

unsecured web app (RunAs: JBossAdmin) -> unsecured HelloBean EJB -> secured GoodBye EJB (RolesAllowed: JBossAdmin)

This will fail as the unsecured ejb causes the RunAs identity to get dropped/lost.

Attachments

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

SimpleEAR_EJB3.ear
10 kB
2017/06/09 3:21 PM

Issue Links

clones

WFLY-8917 EJB run-as identity gets lost if an unsecured ejb in the call stack

Closed

is cloned by

JBEAP-11632 [GSS] (7.0.z) EJB run-as identity gets lost if an unsecured ejb in the call stack

Closed

is related to

JBEAP-12160 EJB run-as identity gets lost if an unsecured ejb in the call stack - not fixed in Elytron

Verified

Activity

People

Assignee:: Jiri Ondrusek

Reporter:: Derek Horton

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 2017/06/09 3:21 PM

Updated:: 2022/09/09 7:09 AM

Resolved:: 2017/06/23 3:52 PM