We've started moving our application from 3.2.5 to 4.0.2 and I've encountered a problem with the way subjects are propagated in the presence of a run-as identity:
I have a stateless session bean configured with a run-as role to allow it to access the model layer of the application. In 3.2.5, calls made from this session bean propagated the Subject (with the run-as role instead of the caller's role) to the callee, i.e. from the callee I could say SecurityAssociation.getSubject() and get the authenticated Subject associated with the original call to the session bean. In 4.0.2, that is no longer the case and SecurityAssociation.getSubject() simply returns null. Also, SecurityAssociation.getCallerPrincipal() returns a RunAsIdentity with the correct role but with "anonymous" Principal.

My questions are:
1) Is this a bug?
2) Is there another way to propagate the (authenticated) Subject to the callee?

Thanks,
Peter Friis

View the original post: http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3884374#3884374
