[jira] [Commented] (TOMEE-3725) Returns invalid principal - Java EE Security - Inject javax.security.enterprise.SecurityContext

Fri, 23 Apr 2021 02:37:21 -0700 


    [ 
https://issues.apache.org/jira/browse/TOMEE-3725?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17330340#comment-17330340
 ] 

Richard Zowalla commented on TOMEE-3725:
----------------------------------------

Via Maven you can add the related snapshot repos:
{code:java}
<repositories>
        <repository>
            <id>apache.snapshots</id>
            <name>Apache Snapshot Repository</name>
            <url>https://repository.apache.org/snapshots</url>
            <releases>
                <enabled>false</enabled>
            </releases>
        </repository>     
    </repositories>   

    <pluginRepositories>
        <pluginRepository>
            <id>apache.snapshots</id>
            <name>Apache Snapshot Repository</name>
            <url>https://repository.apache.org/snapshots</url>
            <releases>
                <enabled>false</enabled>
            </releases>
        </pluginRepository>
    </pluginRepositories>
{code}
Alternative, if you only want the ZIP / TAR.GZ:
 * 
[https://repository.apache.org/content/repositories/snapshots/org/apache/tomee/apache-tomee/]

Make sure to use the latest one.

 

 

> Returns invalid principal -   Java EE Security - Inject 
> javax.security.enterprise.SecurityContext
> -------------------------------------------------------------------------------------------------
>
>                 Key: TOMEE-3725
>                 URL: https://issues.apache.org/jira/browse/TOMEE-3725
>             Project: TomEE
>          Issue Type: Bug
>          Components: TomEE Core Server
>    Affects Versions: 8.0.6
>            Reporter: Pramod
>            Priority: Major
>             Fix For: 8.0.6
>
>
> We used apache-tomee-plume-8.0.6 for this issue reproduce.
> We use our own JASPIC implementation for security, which works fine so far. 
> It creates a CallerPrincipalCallback with subject and our own 
> AuthenticatedUser principal. But if we call in an EJB ctx.getCallerPrincipal 
> we get "GenericPrincipal"
> "getCallerPrincipal >[TomcatUser: 
> GenericPrincipal[XXXXX(JFOXXXST.administrator,JFOXXXST.users,)]]"
>  
> & NOT AuthenticatedUser principal- It seems our REQUIRED principal is not 
> propagated correctly from servlet container to EJB container, the same works 
> fine in OpenLiberty 21.0.0.X
>  
> After spending some more check in security - looks like 
> tomee-security-8.0.6.jar has below implementation which is returning empty 
> set - is this expected? or future implementation will be provided?
>  public Principal getCallerPrincipal()
>  {
>  return this.securityService.getCallerPrincipal();
>  }
> public <T extends Principal> Set<T> getPrincipalsByType(Class<T> pType)
> { return Collections.emptySet(); }



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to