WildFly / WFLY-8414

EJBContext.getCallerPrincipal behaves differently in Elytron and legacy security


    • Bug
    • Resolution: Done
    • Major
    • 11.0.0.Beta1
    • None
    • EJB, Security
    • None

      AS TS:

      cd testsuite/integration/basic
      mvn clean test -Delytron -Dwildfly.tmp.enable.elytron.profile.tests=true -Dtest=RemoteIdentityTestCase#testUnsecured
      

      Expected result: Test passing

      Current result:

      RemoteIdentityTestCase.testUnsecured:79 expected:<[anonymous]> but was:<[guest]>
      

      The EJBContext.getCallerPrincipal() used in an unsecured EJB method returns "anonymous" (i.e. unauthenticatedIdentity) in legacy security, and it returns the authenticated user name when the default security domain ("other") is mapped to Elytron.

      This could complicate users' migration from legacy security to Elytron.

      I'm not sure if this behavior was intended or if it's just a problem of how the Elytron default domain mapping works in ejb3 subsystem.

      If the current getCallerPrincipal behavior is correct, then we should either reuse this JIRA for Documentation changes (especially Migration guide) or close this and create a new Documentation one.

            fjuma1@redhat.com Farah Juma
            josef.cacek@gmail.com Josef Cacek (Inactive)