WildFly / WFLY-3313

Websocket Auth - Container is not aware of the Principal

    Details

    • Steps to Reproduce:

      1) download and unzip fresh WF 15
      2) add-user.sh -a -u u1 -p p1 -g g1
      3) deploy websocket-endpoint-security.war built from https://github.com/mchoma/javaee7-samples/tree/WFLY-3313
      4) http://localhost:8080/websocket-endpoint-security/
      5) Submit button "Echo"
      6) there is "u1 anonymous" in the server console log; it should be "u1 u1"

      Note: the same is valid with Elytron turned on (using enable-elytron.cli)


      Description

      The Websocket is protected by the web.xml. The session object of the callback object correctly returns the principal.

      When an EJB is called the callerPrincipal is always anonymous.

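      // Injected into the EJB
      @Resource
      private SessionContext ctx;

      // Inside an EJB method: returns the anonymous principal when called from the websocket callback
      Principal callerPrincipal = ctx.getCallerPrincipal();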

      Running thread here:
      https://community.jboss.org/thread/240617

      Shouldn't the principal be propagated to the EJB container when a websocket callback method is triggered?
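
      The mismatch described in this report, written out as an added example (not the reporter's sample code and not WildFly code): an endpoint that compares the principal on the websocket `Session` with the one the EJB container reports, and refuses to continue when they differ. The class names `WhoAmIBean` and `EchoEndpoint` and the `/echo` path are assumptions made for this example; it needs a Java EE container to run.

```java
// ---- WhoAmIBean.java (hypothetical EJB, named for this example) ----
import javax.annotation.Resource;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;

@Stateless
public class WhoAmIBean {
    @Resource
    private SessionContext ctx;

    // Name of the caller as the EJB container sees it.
    public String callerName() {
        return ctx.getCallerPrincipal().getName();
    }
}

// ---- EchoEndpoint.java (hypothetical endpoint; the path is an assumption) ----
import java.security.Principal;
import javax.ejb.EJB;
import javax.websocket.OnMessage;
import javax.websocket.Session;
import javax.websocket.server.ServerEndpoint;

@ServerEndpoint("/echo")
public class EchoEndpoint {
    @EJB
    private WhoAmIBean bean;

    @OnMessage
    public String onMessage(String message, Session session) {
        // Principal established by the web.xml-protected handshake; null if unauthenticated.
        Principal user = session.getUserPrincipal();
        String wsName = (user == null) ? null : user.getName();
        String ejbName = bean.callerName();

        // Same shape as the log line in the report: "u1 anonymous" observed, "u1 u1" expected.
        System.out.println(wsName + " " + ejbName);

        // Fail closed: do not let the EJB act for an identity the container does not see.
        if (wsName == null || !wsName.equals(ejbName)) {
            throw new IllegalStateException("caller identity not propagated to EJB");
        }
        return message;
    }
}
```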

              People

              • Assignee: Unassigned
              • Reporter: max_kuffs Markus D
              • Votes: 7
              • Watchers: 10
