tomee-users mailing list archives

From Kaloyan Spiridonov <k.i.spirido...@gmail.com>
Subject Re: @RunAs does not work properly when it is used in servlet
Date Thu, 17 Aug 2017 10:42:05 GMT
Here is the ticket: https://issues.apache.org/jira/browse/TOMEE-2118
Thank you for looking into this.

Regards,
Kaloyan

On Thu, Aug 17, 2017 at 1:16 PM, Jonathan Gallimore <
jonathan.gallimore@gmail.com> wrote:

> That looks like a bug. Looks like the role check doesn't work with the
> RunAsRole that the TomcatSecurityService creates, and the @RunAs for EjbOne
> doesn't seem to make it onto the stack. I haven't tried, but I suspect this
> would work in an embedded fashion, i.e. like this example:
> https://github.com/apache/tomee/tree/master/examples/testing-security.
>
> Can you file a JIRA ticket, and I'll attempt to patch that up?
>
> Many thanks
>
> Jon
>
> On Tue, Aug 15, 2017 at 2:49 PM, Jonathan Gallimore <
> jonathan.gallimore@gmail.com> wrote:
>
> > Hi
> >
> > Thanks for your mail! I'll grab your example later today and take a look.
> >
> > Thanks
> >
> > Jon
> >
> > On Tue, Aug 15, 2017 at 2:20 PM, Kaloyan Spiridonov <
> > k.i.spiridonov@gmail.com> wrote:
> >
> >> Hello,
> >>
> >> I have the following scenario:
> >>
> >> Servlet -> EjbOne -> EjbTwo
> >> My expectation is that @RunAs of the servlet will be propagated to EjbOne
> >> and the @RunAs of the EjbOne will be propagated to @EjbTwo.
> >> But this does not happen - see the output below. When I remove @RunAs
> >> annotation from the servlet the @RunAs of EjbOne is propagated correctly.
> >>
> >> Actual output:
> >>
> >> EjbOne (Before EjbTwo) expected role: Manager, isCallerInRole("Manager"): false
> >> EjbOne (Before EjbTwo) expected role: Manager, isCallerInRole("VP"): false
> >> EjbOne (Before EjbTwo) expected role: Manager,) isCallerInRole("Administrator"): false
> >> EjbTwo expected role: VP, isCallerInRole("Manager"): false
> >> EjbTwo expected role: VP, isCallerInRole("VP"): false
> >> EjbTwo expected role: VP, isCallerInRole("Administrator"): false
> >> EjbOne (After EjbTwo) expected role: Manager, isCallerInRole("Manager"): false
> >> EjbOne (After EjbTwo) expected role: Manager, isCallerInRole("VP"): false
> >> EjbOne (After EjbTwo) expected role: Manager, isCallerInRole("Administrator"): false
> >>
> >>
> >> Expected output:
> >>
> >> EjbOne (Before EjbTwo) expected role: Manager, isCallerInRole("Manager"): true
> >> EjbOne (Before EjbTwo) expected role: Manager, isCallerInRole("VP"): false
> >> EjbOne (Before EjbTwo) expected role: Manager,) isCallerInRole("Administrator"): false
> >> EjbTwo expected role: VP, isCallerInRole("Manager"): false
> >> EjbTwo expected role: VP, isCallerInRole("VP"): true
> >> EjbTwo expected role: VP, isCallerInRole("Administrator"): false
> >> EjbOne (After EjbTwo) expected role: Manager, isCallerInRole("Manager"): true
> >> EjbOne (After EjbTwo) expected role: Manager, isCallerInRole("VP"): false
> >> EjbOne (After EjbTwo) expected role: Manager, isCallerInRole("Administrator"): false
> >>
> >> Here is the source of the application: https://github.com/kal0ian/Examples
> >>
> >> Regards,
> >> Kaloyan
> >>
> >
> >
>
