Posted to commits@tomee.apache.org by "Pramod (Jira)" <ji...@apache.org> on 2021/04/23 04:34:00 UTC

[jira] [Updated] (TOMEE-3725) Returns empty set on javax.security.enterprise.SecurityContext -Principal> Set<T> getPrincipalsByType(Class<T> pType)

     [ https://issues.apache.org/jira/browse/TOMEE-3725?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Pramod updated TOMEE-3725:
--------------------------
    Description: 
We used apache-tomee-plume-8.0.6 to reproduce this issue.

We use our own JASPIC implementation for security, which works fine so far. It creates a CallerPrincipalCallback with subject and our own AuthenticatedUser principal. But if we call ctx.getCallerPrincipal in an EJB, we get "GenericPrincipal":

"getCallerPrincipal >[TomcatUser: GenericPrincipal[XXXXX(JFOXXXST.administrator,JFOXXXST.users,)]]"

and NOT the AuthenticatedUser principal. It seems our REQUIRED principal is not propagated correctly from the servlet container to the EJB container; the same works fine in OpenLiberty 21.0.0.X.

After some more checking in security, it looks like tomee-security-8.0.6.jar has the implementation below, which returns an empty set. Is this expected, or will a future implementation be provided?

public Principal getCallerPrincipal()
{
    return this.securityService.getCallerPrincipal();
}

public <T extends Principal> Set<T> getPrincipalsByType(Class<T> pType)
{
    return Collections.emptySet();
}

  was:
We used apache-tomee-plume-8.0.6 to reproduce this issue.

We use our own JASPIC implementation for security, which works fine so far. It creates a CallerPrincipalCallback with subject and our own AuthenticatedUser principal. But if we call ctx.getCallerPrincipal in an EJB, we get "GenericPrincipal":

"getCallerPrincipal >[TomcatUser: GenericPrincipal[XXXXX(JFOXXXST.administrator,JFOXXXST.users,)]]"

and NOT the AuthenticatedUser principal. It seems our REQUIRED principal is not propagated correctly from the servlet container to the EJB container; the same works fine in OpenLiberty 21.0.0.X.

After some more checking in security, it looks like tomee-security-8.0.6.jar has the implementation below, which returns an empty set. Is this expected, or will a future implementation be provided?

 

public <T extends Principal> Set<T> getPrincipalsByType(Class<T> pType)
{
    return Collections.emptySet();
}


> Returns empty set on javax.security.enterprise.SecurityContext -Principal> Set<T> getPrincipalsByType(Class<T> pType)
> ---------------------------------------------------------------------------------------------------------------------
>
>                 Key: TOMEE-3725
>                 URL: https://issues.apache.org/jira/browse/TOMEE-3725
>             Project: TomEE
>          Issue Type: Bug
>          Components: TomEE Core Server
>    Affects Versions: 8.0.6
>            Reporter: Pramod
>            Priority: Major
>             Fix For: 8.0.6
>
>
> We used apache-tomee-plume-8.0.6 to reproduce this issue.
> We use our own JASPIC implementation for security, which works fine so far. It creates a CallerPrincipalCallback with subject and our own AuthenticatedUser principal. But if we call ctx.getCallerPrincipal in an EJB, we get "GenericPrincipal":
> "getCallerPrincipal >[TomcatUser: GenericPrincipal[XXXXX(JFOXXXST.administrator,JFOXXXST.users,)]]"
>  
> and NOT the AuthenticatedUser principal. It seems our REQUIRED principal is not propagated correctly from the servlet container to the EJB container; the same works fine in OpenLiberty 21.0.0.X.
>  
> After some more checking in security, it looks like tomee-security-8.0.6.jar has the implementation below, which returns an empty set. Is this expected, or will a future implementation be provided?
> public Principal getCallerPrincipal()
> {
>     return this.securityService.getCallerPrincipal();
> }
> public <T extends Principal> Set<T> getPrincipalsByType(Class<T> pType)
> {
>     return Collections.emptySet();
> }



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
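
An added example, not TomEE's code and not the reporter's: it contrasts the empty-set behaviour quoted in the report with a lookup backed by the caller's Subject, and shows application code failing closed when the expected principal type is missing. PrincipalLookup, STUB, fromSubject and requireUser are hypothetical names, the AuthenticatedUser body is a stand-in for the reporter's class, and it is an assumption that the authenticated Subject carries that principal.

```java
import java.security.Principal;
import java.util.Collections;
import java.util.Set;
import javax.security.auth.Subject;

public class PrincipalsByTypeDemo {
    // Hypothetical application principal, named after the one in the report.
    static final class AuthenticatedUser implements Principal {
        private final String name;
        AuthenticatedUser(String name) { this.name = name; }
        @Override public String getName() { return name; }
    }
    // Hypothetical stand-in for the single SecurityContext method under discussion.
    interface PrincipalLookup {
        <T extends Principal> Set<T> getPrincipalsByType(Class<T> pType);
    }

    // Behaviour quoted in the report: always empty, whatever the caller's Subject holds.
    static final PrincipalLookup STUB = new PrincipalLookup() {
        @Override public <T extends Principal> Set<T> getPrincipalsByType(Class<T> pType) {
            return Collections.emptySet();
        }
    };

    // Lookup backed by the authenticated Subject (assumption: it is reachable here).
    static PrincipalLookup fromSubject(Subject subject) {
        return new PrincipalLookup() {
            @Override public <T extends Principal> Set<T> getPrincipalsByType(Class<T> pType) {
                return subject.getPrincipals(pType); // JDK filter by principal class
            }
        };
    }

    // Fail closed: without exactly one principal of the expected type there is no identity to authorize.
    static AuthenticatedUser requireUser(PrincipalLookup ctx) {
        Set<AuthenticatedUser> found = ctx.getPrincipalsByType(AuthenticatedUser.class);
        if (found.size() != 1) {
            throw new SecurityException("expected exactly one AuthenticatedUser, got " + found.size());
        }
        return found.iterator().next();
    }

    public static void main(String[] args) {
        Subject subject = new Subject(); // constructed sample caller
        subject.getPrincipals().add(new AuthenticatedUser("alice"));
        System.out.println(requireUser(fromSubject(subject)).getName());
        try { requireUser(STUB); }
        catch (SecurityException e) { System.out.println("denied: " + e.getMessage()); }
    }
}
```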