[
https://issues.apache.org/jira/browse/TOMEE-2763?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Yakushev Mikhail updated TOMEE-2763:
------------------------------------
Description:
Sample application: [^tomee-runas.zip]
EJB 1
{code:java}
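/**
 * Reproducer EJB that carries no {@code @RunAs} annotation.
 *
 * <p>{@link #test()} prints the caller principal name as seen by this bean's own
 * {@code SessionContext} and by the injected {@code UserBean}. In this report the
 * JSF backing bean invokes it once before and once after
 * {@code MyStatelessRunAsBean.test()}; every line is expected to name the
 * authenticated caller on both invocations.
 */
@LocalBean
@Stateless(name = "MyStateless")
public class MyStatelessBean {

    @Resource
    private SessionContext sessionContext;

    @EJB
    private UserBean userBean;

    public MyStatelessBean() {
    }

    /**
     * Prints the caller principal name three times: from this bean's context, from a
     * nested call into {@code UserBean}, and from this bean's context again.
     *
     * <p>The order of the three reads is part of the reproduction and must not change.
     * The name comes from the container's current security context, so a different
     * name on a later invocation means the caller identity changed mid-request.
     */
    public void test() {
        // Each string literal is kept on a single line: the wrapped form in the
        // original listing split the literal and would not compile.
        System.out.println("ejb WITHOUT @RunAs, username from sessionContext 1: "
                + sessionContext.getCallerPrincipal().getName());
        System.out.println("ejb WITHOUT @RunAs, username from another ejb: "
                + userBean.currentUserName());
        System.out.println("ejb WITHOUT @RunAs, username from sessionContext 2: "
                + sessionContext.getCallerPrincipal().getName());
    }
}{code}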
EJB 2
{code:java}
/**
 * Reproducer EJB annotated with {@code @RunAs("admin")}.
 *
 * <p>Per the expected output in this report, the run-as identity applies to calls
 * this bean makes into other beans ({@code UserBean} reports {@code admin}), while
 * this bean's own {@code SessionContext} keeps reporting the original caller.
 * {@code @RunAs} names a role; the principal name seen downstream is whatever the
 * container associates with that role.
 */
@LocalBean
@RunAs("admin")
@Stateless(name = "MyStatelessRunAsBean")
public class MyStatelessRunAsBean {

    @Resource
    private SessionContext sessionContext;

    @EJB
    private UserBean userBean;

    public MyStatelessRunAsBean() {
    }

    /**
     * Prints the caller principal name from this bean's context, from a nested call
     * into {@code UserBean}, and from this bean's context again, in that order.
     */
    public void test() {
        // Read and print one value at a time so the sequence of container calls
        // stays: own context, nested bean, own context.
        final String ownViewBefore = sessionContext.getCallerPrincipal().getName();
        System.out.println("ejb WITH @RunAs, username from sessionContext 1: " + ownViewBefore);

        final String downstreamView = userBean.currentUserName();
        System.out.println("ejb WITH @RunAs, username from another ejb: " + downstreamView);

        final String ownViewAfter = sessionContext.getCallerPrincipal().getName();
        System.out.println("ejb WITH @RunAs, username from sessionContext 2: " + ownViewAfter);
    }
}{code}
EJB 3
{code:java}
/**
 * Helper EJB used by the reproducer to show which caller principal a nested EJB
 * call observes.
 */
@LocalBean
@Stateless(name = "UserBean")
public class UserBean {

    @Resource
    private SessionContext sessionContext;

    public UserBean() {
    }

    /**
     * Returns the name of the caller principal as reported by this bean's
     * {@code SessionContext} at the time of the call.
     *
     * @return the caller principal's name
     */
    public String currentUserName() {
        final String callerName = sessionContext.getCallerPrincipal().getName();
        return callerName;
    }
}{code}
Backing bean for jsf page
{code:java}
/**
 * JSF backing bean that drives the reproduction.
 *
 * <p>It calls the plain bean, then the {@code @RunAs} bean, then the plain bean
 * again. In the report, the third call is the one that prints {@code guest}
 * instead of the logged-in user.
 */
@Model
public class IndexMB {

    @EJB
    private MyStatelessBean myStatelessBean;

    @EJB
    private MyStatelessRunAsBean myStatelessRunAsBean;

    /**
     * Runs the three bean calls in the order the reproduction depends on.
     *
     * @param event the JSF action event; not read by this method
     */
    public void test(ActionEvent event) {
        // 1) Baseline: caller identity before any run-as bean is involved.
        myStatelessBean.test();
        // 2) Bean with @RunAs("admin").
        myStatelessRunAsBean.test();
        // 3) Same call as step 1; its output is what the report compares.
        myStatelessBean.test();
    }
}
{code}
Expected output:
ejb WITHOUT @RunAs, username from sessionContext 1: *ymn*
ejb WITHOUT @RunAs, username from another ejb: *ymn*
ejb WITHOUT @RunAs, username from sessionContext 2: *ymn*
ejb WITH @RunAs, username from sessionContext 1: *ymn*
ejb WITH @RunAs, username from another ejb: *admin*
ejb WITH @RunAs, username from sessionContext 2: *ymn*
ejb WITHOUT @RunAs, username from sessionContext 1: *ymn*
ejb WITHOUT @RunAs, username from another ejb: *ymn*
ejb WITHOUT @RunAs, username from sessionContext 2: *ymn*
Real output (the last three lines show *guest* instead of *ymn*):
ejb WITHOUT @RunAs, username from sessionContext 1: *ymn*
ejb WITHOUT @RunAs, username from another ejb: *ymn*
ejb WITHOUT @RunAs, username from sessionContext 2: *ymn*
ejb WITH @RunAs, username from sessionContext 1: *ymn*
ejb WITH @RunAs, username from another ejb: *admin*
ejb WITH @RunAs, username from sessionContext 2: *ymn*
ejb WITHOUT @RunAs, username from sessionContext 1: *guest*
ejb WITHOUT @RunAs, username from another ejb: *guest*
ejb WITHOUT @RunAs, username from sessionContext 2: *guest*
I think the problem is in the *enterWebApp* method of the *TomcatSecurityService* class.
was:
Sample application: [^tomee-runas.zip]
EJB 1
{code:java}
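/**
 * Reproducer EJB that carries no {@code @RunAs} annotation.
 *
 * <p>{@link #test()} prints the caller principal name as seen by this bean's own
 * {@code SessionContext} and by the injected {@code UserBean}. In this report the
 * JSF backing bean invokes it once before and once after
 * {@code MyStatelessRunAsBean.test()}; every line is expected to name the
 * authenticated caller on both invocations.
 */
@LocalBean
@Stateless(name = "MyStateless")
public class MyStatelessBean {

    @Resource
    private SessionContext sessionContext;

    @EJB
    private UserBean userBean;

    public MyStatelessBean() {
    }

    /**
     * Prints the caller principal name three times: from this bean's context, from a
     * nested call into {@code UserBean}, and from this bean's context again.
     *
     * <p>The order of the three reads is part of the reproduction and must not change.
     * The name comes from the container's current security context, so a different
     * name on a later invocation means the caller identity changed mid-request.
     */
    public void test() {
        // Each string literal is kept on a single line: the wrapped form in the
        // original listing split the literal and would not compile.
        System.out.println("ejb WITHOUT @RunAs, username from sessionContext 1: "
                + sessionContext.getCallerPrincipal().getName());
        System.out.println("ejb WITHOUT @RunAs, username from another ejb: "
                + userBean.currentUserName());
        System.out.println("ejb WITHOUT @RunAs, username from sessionContext 2: "
                + sessionContext.getCallerPrincipal().getName());
    }
}{code}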
EJB 2
{code:java}
/**
 * Reproducer EJB annotated with {@code @RunAs("admin")}.
 *
 * <p>Per the expected output in this report, the run-as identity applies to calls
 * this bean makes into other beans ({@code UserBean} reports {@code admin}), while
 * this bean's own {@code SessionContext} keeps reporting the original caller.
 * {@code @RunAs} names a role; the principal name seen downstream is whatever the
 * container associates with that role.
 */
@LocalBean
@RunAs("admin")
@Stateless(name = "MyStatelessRunAsBean")
public class MyStatelessRunAsBean {

    @Resource
    private SessionContext sessionContext;

    @EJB
    private UserBean userBean;

    public MyStatelessRunAsBean() {
    }

    /**
     * Prints the caller principal name from this bean's context, from a nested call
     * into {@code UserBean}, and from this bean's context again, in that order.
     */
    public void test() {
        // Read and print one value at a time so the sequence of container calls
        // stays: own context, nested bean, own context.
        final String ownViewBefore = sessionContext.getCallerPrincipal().getName();
        System.out.println("ejb WITH @RunAs, username from sessionContext 1: " + ownViewBefore);

        final String downstreamView = userBean.currentUserName();
        System.out.println("ejb WITH @RunAs, username from another ejb: " + downstreamView);

        final String ownViewAfter = sessionContext.getCallerPrincipal().getName();
        System.out.println("ejb WITH @RunAs, username from sessionContext 2: " + ownViewAfter);
    }
}{code}
EJB 3
{code:java}
/**
 * Helper EJB used by the reproducer to show which caller principal a nested EJB
 * call observes.
 */
@LocalBean
@Stateless(name = "UserBean")
public class UserBean {

    @Resource
    private SessionContext sessionContext;

    public UserBean() {
    }

    /**
     * Returns the name of the caller principal as reported by this bean's
     * {@code SessionContext} at the time of the call.
     *
     * @return the caller principal's name
     */
    public String currentUserName() {
        final String callerName = sessionContext.getCallerPrincipal().getName();
        return callerName;
    }
}{code}
Backing bean for jsf page
{code:java}
/**
 * JSF backing bean that drives the reproduction.
 *
 * <p>It calls the plain bean, then the {@code @RunAs} bean, then the plain bean
 * again. In the report, the third call is the one that prints {@code guest}
 * instead of the logged-in user.
 */
@Model
public class IndexMB {

    @EJB
    private MyStatelessBean myStatelessBean;

    @EJB
    private MyStatelessRunAsBean myStatelessRunAsBean;

    /**
     * Runs the three bean calls in the order the reproduction depends on.
     *
     * @param event the JSF action event; not read by this method
     */
    public void test(ActionEvent event) {
        // 1) Baseline: caller identity before any run-as bean is involved.
        myStatelessBean.test();
        // 2) Bean with @RunAs("admin").
        myStatelessRunAsBean.test();
        // 3) Same call as step 1; its output is what the report compares.
        myStatelessBean.test();
    }
}
{code}
Expected output:
ejb WITHOUT @RunAs, username from sessionContext 1: *ymn*
ejb WITHOUT @RunAs, username from another ejb: *ymn*
ejb WITHOUT @RunAs, username from sessionContext 2: *ymn*
ejb WITH @RunAs, username from sessionContext 1: *ymn*
ejb WITH @RunAs, username from another ejb: *admin*
ejb WITH @RunAs, username from sessionContext 2: *ymn*
ejb WITHOUT @RunAs, username from sessionContext 1: *ymn*
ejb WITHOUT @RunAs, username from another ejb: *ymn*
ejb WITHOUT @RunAs, username from sessionContext 2: *ymn*
Real output:
ejb WITHOUT @RunAs, username from sessionContext 1: *ymn*
ejb WITHOUT @RunAs, username from another ejb: *ymn*
ejb WITHOUT @RunAs, username from sessionContext 2: *ymn*
ejb WITH @RunAs, username from sessionContext 1: *ymn*
ejb WITH @RunAs, username from another ejb: *admin*
ejb WITH @RunAs, username from sessionContext 2: *ymn*
ejb WITHOUT @RunAs, username from sessionContext 1: *guest*
ejb WITHOUT @RunAs, username from another ejb: *guest*
ejb WITHOUT @RunAs, username from sessionContext 2: *guest*
> Security Principal is lost after calling a method from ejb with @RunAs
> annotation
> ---------------------------------------------------------------------------------
>
> Key: TOMEE-2763
> URL: https://issues.apache.org/jira/browse/TOMEE-2763
> Project: TomEE
> Issue Type: Bug
> Reporter: Yakushev Mikhail
> Priority: Major
> Attachments: tomee-runas.zip
>
>
> Sample application: [^tomee-runas.zip]
>
> EJB 1
> {code:java}
> @LocalBean
> @Stateless(name = "MyStateless")
> public class MyStatelessBean {
> @Resource
> private SessionContext sessionContext;
> @EJB
> private UserBean userBean; public MyStatelessBean() {
> } public void test() {
> System.out.println("ejb WITHOUT @RunAs, username from sessionContext
> 1: " + sessionContext.getCallerPrincipal().getName());
> System.out.println("ejb WITHOUT @RunAs, username from another ejb: "
> + userBean.currentUserName());
> System.out.println("ejb WITHOUT @RunAs, username from sessionContext
> 2: " + sessionContext.getCallerPrincipal().getName());
> }
> }{code}
> EJB 2
> {code:java}
> @LocalBean
> @RunAs("admin")
> @Stateless(name = "MyStatelessRunAsBean")
> public class MyStatelessRunAsBean {
> @Resource
> private SessionContext sessionContext;
> @EJB
> private UserBean userBean;
> public MyStatelessRunAsBean() {
> }
> public void test() {
> System.out.println("ejb WITH @RunAs, username from sessionContext 1:
> " + sessionContext.getCallerPrincipal().getName());
> System.out.println("ejb WITH @RunAs, username from another ejb: " +
> userBean.currentUserName());
> System.out.println("ejb WITH @RunAs, username from sessionContext 2:
> " + sessionContext.getCallerPrincipal().getName());
> }
> }{code}
> EJB 3
> {code:java}
> @LocalBean
> @Stateless(name = "UserBean")
> public class UserBean {
> @Resource
> private SessionContext sessionContext;
> public UserBean() {
> }
> public String currentUserName() {
> return sessionContext.getCallerPrincipal().getName();
> }
> }{code}
> Backing bean for jsf page
> {code:java}
> @Model
> public class IndexMB {
> @EJB
> private MyStatelessBean myStatelessBean;
> @EJB
> private MyStatelessRunAsBean myStatelessRunAsBean;
> public void test(ActionEvent event) {
> myStatelessBean.test();
> myStatelessRunAsBean.test();
> myStatelessBean.test();
> }
> }
> {code}
> Expected output:
> ejb WITHOUT @RunAs, username from sessionContext 1: *ymn*
> ejb WITHOUT @RunAs, username from another ejb: *ymn*
> ejb WITHOUT @RunAs, username from sessionContext 2: *ymn*
> ejb WITH @RunAs, username from sessionContext 1: *ymn*
> ejb WITH @RunAs, username from another ejb: *admin*
> ejb WITH @RunAs, username from sessionContext 2: *ymn*
> ejb WITHOUT @RunAs, username from sessionContext 1: *ymn*
> ejb WITHOUT @RunAs, username from another ejb: *ymn*
> ejb WITHOUT @RunAs, username from sessionContext 2: *ymn*
>
> Real output:
> ejb WITHOUT @RunAs, username from sessionContext 1: *ymn*
> ejb WITHOUT @RunAs, username from another ejb: *ymn*
> ejb WITHOUT @RunAs, username from sessionContext 2: *ymn*
> ejb WITH @RunAs, username from sessionContext 1: *ymn*
> ejb WITH @RunAs, username from another ejb: *admin*
> ejb WITH @RunAs, username from sessionContext 2: *ymn*
> ejb WITHOUT @RunAs, username from sessionContext 1: *guest*
> ejb WITHOUT @RunAs, username from another ejb: *guest*
> ejb WITHOUT @RunAs, username from sessionContext 2: *guest*
> I think the problem is in the *enterWebApp* method of the *TomcatSecurityService* class.