Uploaded image for project: 'WildFly'
  1. WildFly
  2. WFLY-3313

Websocket Auth - Container is not aware of the Principal

    XMLWordPrintable

Details

    • Bug
    • Resolution: Unresolved
    • Major
    • None
    • 8.1.0.CR1, 10.0.0.Final, 15.0.0.Final
    • EJB, Security, Web (Undertow), Web Sockets
    • None
    • Hide

      1) download and unzip fresh WF 15
      2) add-user.sh -a -u u1 -p p1 -g g1
      3) deploy websocket-endpoint-security.war built from https://github.com/mchoma/javaee7-samples/tree/WFLY-3313
      4) http://localhost:8080/websocket-endpoint-security/
      5) Submit button "Echo"
      6) there is "u1 anonymous" in server console log should be "u1 u1"

      Note, same is valid with Elytron turn on (using enable-elytron.cli)

      Show
      1) download and unzip fresh WF 15 2) add-user.sh -a -u u1 -p p1 -g g1 3) deploy websocket-endpoint-security.war built from https://github.com/mchoma/javaee7-samples/tree/WFLY-3313 4) http://localhost:8080/websocket-endpoint-security/ 5) Submit button "Echo" 6) there is "u1 anonymous" in server console log should be "u1 u1" Note, same is valid with Elytron turn on (using enable-elytron.cli)

    Description

      The Websocket is protected by the web.xml. The session object of the callback object correctly returns the principal.

      When an EJB is called the callerPrincipal is always anonymous.

      @Resource
      private SessionContext ctx;

      Principal callerPrincipal = ctx.getCallerPrincipal();

      Running thread here:
      https://community.jboss.org/thread/240617

      Shouldn't the principal be propagated to the EJB container when a websocket callback method triggered?

      Attachments

        Activity

          People

            Unassigned Unassigned
            max_kuffs Markus D (Inactive)
            Votes:
            10 Vote for this issue
            Watchers:
            11 Start watching this issue

            Dates

              Created:
              Updated: