Pramod created TOMEE-3725:
-----------------------------
Summary: Returns empty set on
javax.security.enterprise.SecurityContext -Principal> Set<T>
getPrincipalsByType(Class<T> pType)
Key: TOMEE-3725
URL: https://issues.apache.org/jira/browse/TOMEE-3725
Project: TomEE
Issue Type: Bug
Components: TomEE Core Server
Affects Versions: 8.0.6
Reporter: Pramod
Fix For: 8.0.6
We used apache-tomee-plume-8.0.6 for this issue reproduce.
We use our own JASPIC implementation for security, which works fine so far. It
creates a CallerPrincipalCallback with subject and our own AuthenticatedUser
principal. But if we call in an EJB ctx.getCallerPrincipal we get
"GenericPrincipal"
"getCallerPrincipal >[TomcatUser:
GenericPrincipal[XXXXX(JFOXXXST.administrator,JFOXXXST.users,)]]"
& NOT AuthenticatedUser principal- It seems our REQUIRED principal is not
propagated correctly from servlet container to EJB container, the same works
fine in OpenLiberty 21.0.0.X
After spending some more check in security - looks like
tomee-security-8.0.6.jar has below implementation which is returning empty set
- is this expected? or future implementation will be provided?
public <T extends Principal> Set<T> getPrincipalsByType(Class<T> pType)
{
return Collections.emptySet();
}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
