[ https://issues.apache.org/jira/browse/TOMEE-3725?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17330340#comment-17330340 ]
Richard Zowalla commented on TOMEE-3725: ---------------------------------------- Via Maven you can add the related snapshot repos: {code:java} <repositories> <repository> <id>apache.snapshots</id> <name>Apache Snapshot Repository</name> <url>https://repository.apache.org/snapshots</url> <releases> <enabled>false</enabled> </releases> </repository> </repositories> <pluginRepositories> <pluginRepository> <id>apache.snapshots</id> <name>Apache Snapshot Repository</name> <url>https://repository.apache.org/snapshots</url> <releases> <enabled>false</enabled> </releases> </pluginRepository> </pluginRepositories> {code} Alternative, if you only want the ZIP / TAR.GZ: * [https://repository.apache.org/content/repositories/snapshots/org/apache/tomee/apache-tomee/] Make sure to use the latest one. > Returns invalid principal - Java EE Security - Inject > javax.security.enterprise.SecurityContext > ------------------------------------------------------------------------------------------------- > > Key: TOMEE-3725 > URL: https://issues.apache.org/jira/browse/TOMEE-3725 > Project: TomEE > Issue Type: Bug > Components: TomEE Core Server > Affects Versions: 8.0.6 > Reporter: Pramod > Priority: Major > Fix For: 8.0.6 > > > We used apache-tomee-plume-8.0.6 for this issue reproduce. > We use our own JASPIC implementation for security, which works fine so far. > It creates a CallerPrincipalCallback with subject and our own > AuthenticatedUser principal. But if we call in an EJB ctx.getCallerPrincipal > we get "GenericPrincipal" > "getCallerPrincipal >[TomcatUser: > GenericPrincipal[XXXXX(JFOXXXST.administrator,JFOXXXST.users,)]]" > > & NOT AuthenticatedUser principal- It seems our REQUIRED principal is not > propagated correctly from servlet container to EJB container, the same works > fine in OpenLiberty 21.0.0.X > > After spending some more check in security - looks like > tomee-security-8.0.6.jar has below implementation which is returning empty > set - is this expected? or future implementation will be provided? > public Principal getCallerPrincipal() > { > return this.securityService.getCallerPrincipal(); > } > public <T extends Principal> Set<T> getPrincipalsByType(Class<T> pType) > { return Collections.emptySet(); } -- This message was sent by Atlassian Jira (v8.3.4#803005)