From: Kaloyan Spiridonov
Date: Thu, 17 Aug 2017 13:42:05 +0300
Subject: Re: @RunAs does not work properly when it is used in servlet
To: users@tomee.apache.org

Here is the ticket: https://issues.apache.org/jira/browse/TOMEE-2118

Thank you for looking into this.

Regards,
Kaloyan

On Thu, Aug 17, 2017 at 1:16 PM, Jonathan Gallimore <jonathan.gallimore@gmail.com> wrote:

> That looks like a bug. Looks like the role check doesn't work with the
> RunAsRole that the TomcatSecurityService creates, and the @RunAs for EjbOne
> doesn't seem to make it onto the stack. I haven't tried, but I suspect this
> would work in an embedded fashion, i.e. like this example:
> https://github.com/apache/tomee/tree/master/examples/testing-security.
>
> Can you file a JIRA ticket, and I'll attempt to patch that up?
>
> Many thanks
>
> Jon
>
> On Tue, Aug 15, 2017 at 2:49 PM, Jonathan Gallimore <jonathan.gallimore@gmail.com> wrote:
>
> > Hi
> >
> > Thanks for your mail! I'll grab your example later today and take a look.
> >
> > Thanks
> >
> > Jon
> >
> > On Tue, Aug 15, 2017 at 2:20 PM, Kaloyan Spiridonov <k.i.spiridonov@gmail.com> wrote:
> >
> >> Hello,
> >>
> >> I have the following scenario:
> >>
> >> Servlet -> EjbOne -> EjbTwo
> >> My expectation is that @RunAs of the servlet will be propagated to EjbOne
> >> and the @RunAs of the EjbOne will be propagated to @EjbTwo.
> >> But this does not happen - see the output below. When I remove @RunAs
> >> annotation from the servlet the @RunAs of EjbOne is propagated correctly.
> >>
> >> Actual output:
> >>
> >> EjbOne (Before EjbTwo) expected role: Manager, isCallerInRole("Manager"): false
> >> EjbOne (Before EjbTwo) expected role: Manager, isCallerInRole("VP"): false
> >> EjbOne (Before EjbTwo) expected role: Manager,) isCallerInRole("Administrator"): false
> >> EjbTwo expected role: VP, isCallerInRole("Manager"): false
> >> EjbTwo expected role: VP, isCallerInRole("VP"): false
> >> EjbTwo expected role: VP, isCallerInRole("Administrator"): false
> >> EjbOne (After EjbTwo) expected role: Manager, isCallerInRole("Manager"): false
> >> EjbOne (After EjbTwo) expected role: Manager, isCallerInRole("VP"): false
> >> EjbOne (After EjbTwo) expected role: Manager, isCallerInRole("Administrator"): false
> >>
> >>
> >> Expected output:
> >>
> >> EjbOne (Before EjbTwo) expected role: Manager, isCallerInRole("Manager"): true
> >> EjbOne (Before EjbTwo) expected role: Manager, isCallerInRole("VP"): false
> >> EjbOne (Before EjbTwo) expected role: Manager,) isCallerInRole("Administrator"): false
> >> EjbTwo expected role: VP, isCallerInRole("Manager"): false
> >> EjbTwo expected role: VP, isCallerInRole("VP"): true
> >> EjbTwo expected role: VP, isCallerInRole("Administrator"): false
> >> EjbOne (After EjbTwo) expected role: Manager, isCallerInRole("Manager"): true
> >> EjbOne (After EjbTwo) expected role: Manager, isCallerInRole("VP"): false
> >> EjbOne (After EjbTwo) expected role: Manager, isCallerInRole("Administrator"): false
> >>
> >> Here is the source of the application: https://github.com/kal0ian/Examples
> >>
> >> Regards,
> >> Kaloyan
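
The Servlet -> EjbOne -> EjbTwo chain described in the thread, reconstructed as an added example; it is not part of the original messages and is not the code from the linked repository. The class names, the `/runas` URL pattern and the `Roles` helper are assumptions; the run-as roles (Manager on the servlet, VP on EjbOne) are taken from the "expected role" values in the quoted output.

```java
// RunAsServlet.java (constructed reproduction; class names and URL are assumptions)
import java.io.IOException;
import javax.annotation.Resource;
import javax.annotation.security.*;
import javax.ejb.*;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.*;

@WebServlet("/runas")
@DeclareRoles({"Manager", "VP", "Administrator"})
@RunAs("Manager") // EjbOne is expected to see the caller in role Manager
public class RunAsServlet extends HttpServlet {
    @EJB private EjbOne ejbOne;
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        resp.setContentType("text/plain");
        resp.getWriter().print(ejbOne.report());
    }
}

// EjbOne.java (same imports): runs under the servlet's role, calls EjbTwo as VP
@Stateless @PermitAll @RunAs("VP")
@DeclareRoles({"Manager", "VP", "Administrator"})
public class EjbOne {
    @Resource private SessionContext ctx;
    @EJB private EjbTwo ejbTwo;
    public String report() {
        return Roles.check(ctx, "EjbOne (Before EjbTwo)", "Manager")
                + ejbTwo.report()
                + Roles.check(ctx, "EjbOne (After EjbTwo)", "Manager");
    }
}

// EjbTwo.java (same imports): end of the chain, expected caller role is VP
@Stateless @PermitAll
@DeclareRoles({"Manager", "VP", "Administrator"})
public class EjbTwo {
    @Resource private SessionContext ctx;
    public String report() { return Roles.check(ctx, "EjbTwo", "VP"); }
}

// Roles.java (same imports): one line per role, in the format of the quoted output
final class Roles {
    static String check(SessionContext ctx, String where, String expected) {
        StringBuilder out = new StringBuilder();
        for (String role : new String[] {"Manager", "VP", "Administrator"})
            out.append(String.format("%s expected role: %s, isCallerInRole(\"%s\"): %b%n",
                    where, expected, role, ctx.isCallerInRole(role)));
        return out.toString();
    }
}
```

Each class goes in its own source file inside a WAR; a GET to `/runas` then prints the nine lines to compare against the "Actual output" and "Expected output" lists in the thread.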