tomee-users mailing list archives

From Jonathan Gallimore <jonathan.gallim...@gmail.com>
Subject Re: @RunAs does not work properly when it is used in servlet
Date Thu, 17 Aug 2017 10:16:29 GMT
That looks like a bug. Looks like the role check doesn't work with the
RunAsRole that the TomcatSecurityService creates, and the @RunAs for EjbOne
doesn't seem to make it onto the stack. I haven't tried, but I suspect this
would work in an embedded fashion, i.e. like this example:
https://github.com/apache/tomee/tree/master/examples/testing-security.

Can you file a JIRA ticket, and I'll attempt to patch that up?

Many thanks

Jon

On Tue, Aug 15, 2017 at 2:49 PM, Jonathan Gallimore <jonathan.gallimore@gmail.com> wrote:

> Hi
>
> Thanks for your mail! I'll grab your example later today and take a look.
>
> Thanks
>
> Jon
>
> On Tue, Aug 15, 2017 at 2:20 PM, Kaloyan Spiridonov <k.i.spiridonov@gmail.com> wrote:
>
>> Hello,
>>
>> I have the following scenario:
>>
>> Servlet -> EjbOne -> EjbTwo
>> My expectation is that the @RunAs of the servlet will be propagated to EjbOne
>> and the @RunAs of EjbOne will be propagated to EjbTwo.
>> But this does not happen - see the output below. When I remove the @RunAs
>> annotation from the servlet, the @RunAs of EjbOne is propagated correctly.
>>
>> Actual output:
>>
>> EjbOne (Before EjbTwo) expected role: Manager, isCallerInRole("Manager"): false
>> EjbOne (Before EjbTwo) expected role: Manager, isCallerInRole("VP"): false
>> EjbOne (Before EjbTwo) expected role: Manager, isCallerInRole("Administrator"): false
>> EjbTwo expected role: VP, isCallerInRole("Manager"): false
>> EjbTwo expected role: VP, isCallerInRole("VP"): false
>> EjbTwo expected role: VP, isCallerInRole("Administrator"): false
>> EjbOne (After EjbTwo) expected role: Manager, isCallerInRole("Manager"): false
>> EjbOne (After EjbTwo) expected role: Manager, isCallerInRole("VP"): false
>> EjbOne (After EjbTwo) expected role: Manager, isCallerInRole("Administrator"): false
>>
>>
>> Expected output:
>>
>> EjbOne (Before EjbTwo) expected role: Manager, isCallerInRole("Manager"): true
>> EjbOne (Before EjbTwo) expected role: Manager, isCallerInRole("VP"): false
>> EjbOne (Before EjbTwo) expected role: Manager, isCallerInRole("Administrator"): false
>> EjbTwo expected role: VP, isCallerInRole("Manager"): false
>> EjbTwo expected role: VP, isCallerInRole("VP"): true
>> EjbTwo expected role: VP, isCallerInRole("Administrator"): false
>> EjbOne (After EjbTwo) expected role: Manager, isCallerInRole("Manager"): true
>> EjbOne (After EjbTwo) expected role: Manager, isCallerInRole("VP"): false
>> EjbOne (After EjbTwo) expected role: Manager, isCallerInRole("Administrator"): false
>>
>> Here is the source of the application: https://github.com/kal0ian/Examples
>>
>> Regards,
>> Kaloyan
>>
>
>

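To make the report concrete, here is an added example (not code from this thread or from the kal0ian/Examples repository) of the Servlet -> EjbOne -> EjbTwo chain with the @RunAs roles and isCallerInRole probes whose expected lines are quoted above. The role names Manager, VP and Administrator come from the thread; the class names, the /runas path and the assumption that the realm maps the test user to an "Administrator" group are mine. It adds two things worth having around any @RunAs chain: an @HttpConstraint on the servlet, because @RunAs grants a role to outbound calls without requiring that the incoming caller hold any role at all, and @RolesAllowed("VP") on EjbTwo, so a run-as identity that fails to propagate rejects the call instead of only printing false.

```java
// Added example, not code from this thread or from the kal0ian/Examples repo.
// Package and imports are shown once; each class belongs in its own file.
package com.example.runas;

import java.io.IOException;
import java.io.PrintWriter;
import java.util.ArrayList;
import java.util.List;
import javax.annotation.Resource;
import javax.annotation.security.DeclareRoles;
import javax.annotation.security.RolesAllowed;
import javax.annotation.security.RunAs;
import javax.ejb.EJB;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;
import javax.servlet.ServletException;
import javax.servlet.annotation.HttpConstraint;
import javax.servlet.annotation.ServletSecurity;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// ---- RunAsServlet.java ----
@WebServlet("/runas")                               // path is an assumption
@DeclareRoles({"Manager", "VP", "Administrator"})
@RunAs("Manager")            // EJB calls made from this servlet carry the Manager role
// @RunAs substitutes an identity, it does not require one: without a constraint
// an anonymous request would reach EjbOne as a Manager. The "Administrator"
// login group is an assumption about the realm configuration.
@ServletSecurity(@HttpConstraint(rolesAllowed = "Administrator"))
public class RunAsServlet extends HttpServlet {
    @EJB
    private EjbOne ejbOne;

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        PrintWriter out = resp.getWriter();
        for (String line : ejbOne.check()) {
            out.println(line);
        }
    }
}

// ---- RoleCheck.java ----
/** Formats the isCallerInRole probes in the shape of the thread's output. */
final class RoleCheck {
    static final String[] ROLES = {"Manager", "VP", "Administrator"};

    static List<String> probe(SessionContext ctx, String where, String expected) {
        List<String> lines = new ArrayList<>();
        for (String role : ROLES) {
            lines.add(where + " expected role: " + expected
                    + ", isCallerInRole(\"" + role + "\"): " + ctx.isCallerInRole(role));
        }
        return lines;
    }
}

// ---- EjbOne.java ----
@Stateless
@DeclareRoles({"Manager", "VP", "Administrator"}) // roles passed to isCallerInRole must be declared
@RunAs("VP")                                      // calls from this bean to EjbTwo carry the VP role
public class EjbOne {
    @Resource
    private SessionContext ctx;
    @EJB
    private EjbTwo ejbTwo;

    public List<String> check() {
        List<String> out = new ArrayList<>();
        // Inside the bean, isCallerInRole reflects the incoming identity (the
        // servlet's run-as Manager), not this bean's own @RunAs("VP").
        out.addAll(RoleCheck.probe(ctx, "EjbOne (Before EjbTwo)", "Manager"));
        out.addAll(ejbTwo.check());
        out.addAll(RoleCheck.probe(ctx, "EjbOne (After EjbTwo)", "Manager"));
        return out;
    }
}

// ---- EjbTwo.java ----
@Stateless
@DeclareRoles({"Manager", "VP", "Administrator"})
public class EjbTwo {
    @Resource
    private SessionContext ctx;

    // Enforcing the role here turns a lost run-as identity into an
    // EJBAccessException at the call site instead of a quiet "false".
    @RolesAllowed("VP")
    public List<String> check() {
        return RoleCheck.probe(ctx, "EjbTwo", "VP");
    }
}
```

Deployed on a container where run-as propagation works, a GET to /runas by a user in the Administrator group returns the nine lines of the "Expected output" above. If the VP identity does not reach EjbTwo, as in the output reported in the thread, the @RolesAllowed check rejects the call rather than returning false, which makes the misbehaviour visible at the call site.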