Posted to dev@tomee.apache.org by Jean-Louis Monteiro <jl...@tomitribe.com> on 2021/04/23 09:07:33 UTC

Re: [jira] [Commented] (TOMEE-3725) Returns invalid principal - Java EE Security - Inject javax.security.enterprise.SecurityContext

The zip/tar.gz downloads are available over here.
Pick the latest possible build at the bottom of the page.

https://repository.apache.org/content/groups/snapshots/org/apache/tomee/apache-tomee/8.0.7-SNAPSHOT/

Mind that we have some Maven issues with our build. So the build might be
broken.
--
Jean-Louis Monteiro
http://twitter.com/jlouismonteiro
http://www.tomitribe.com


On Fri, Apr 23, 2021 at 10:58 AM Pramod (Jira) <ji...@apache.org> wrote:

>
>     [
> https://issues.apache.org/jira/browse/TOMEE-3725?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17330228#comment-17330228
> ]
>
> Pramod commented on TOMEE-3725:
> -------------------------------
>
> Can you please let us know where I can download 8.0.7-SNAPSHOT?
>
> > Returns invalid principal -   Java EE Security - Inject
> javax.security.enterprise.SecurityContext
> >
> -------------------------------------------------------------------------------------------------
> >
> >                 Key: TOMEE-3725
> >                 URL: https://issues.apache.org/jira/browse/TOMEE-3725
> >             Project: TomEE
> >          Issue Type: Bug
> >          Components: TomEE Core Server
> >    Affects Versions: 8.0.6
> >            Reporter: Pramod
> >            Priority: Major
> >             Fix For: 8.0.6
> >
> >
> > We used apache-tomee-plume-8.0.6 to reproduce this issue.
> > We use our own JASPIC implementation for security, which works fine so
> > far. It creates a CallerPrincipalCallback with subject and our own
> > AuthenticatedUser principal. But if we call ctx.getCallerPrincipal in an
> > EJB, we get "GenericPrincipal":
> > "getCallerPrincipal >[TomcatUser: GenericPrincipal[XXXXX(JFOXXXST.administrator,JFOXXXST.users,)]]"
> >
> > & NOT the AuthenticatedUser principal. It seems our REQUIRED principal is
> > not propagated correctly from the servlet container to the EJB container;
> > the same works fine in OpenLiberty 21.0.0.X.
> >
> > After some more checking in security, it looks like
> > tomee-security-8.0.6.jar has the implementation below, which returns an
> > empty set. Is this expected, or will a future implementation be provided?
> >     public Principal getCallerPrincipal() {
> >         return this.securityService.getCallerPrincipal();
> >     }
> >
> >     public <T extends Principal> Set<T> getPrincipalsByType(Class<T> pType) {
> >         return Collections.emptySet();
> >     }
>
>
>
> --
> This message was sent by Atlassian Jira
> (v8.3.4#803005)
>
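
Added illustration, not part of the original thread and not TomEE code: a JDK-only sketch contrasting the quoted getPrincipalsByType behaviour (always an empty set) with a lookup that filters the authenticated Subject by type, which is assumed here to be what the reporter expected. The class names AuthenticatedUser and ContainerPrincipal, the helper methods and the Subject contents are hypothetical stand-ins constructed for the example.

```java
import java.security.Principal;
import java.util.Collections;
import java.util.Set;
import javax.security.auth.Subject;

public class PrincipalsByTypeCheck {

    // Hypothetical stand-in for the reporter's custom principal.
    static final class AuthenticatedUser implements Principal {
        private final String name;
        AuthenticatedUser(String name) { this.name = name; }
        @Override public String getName() { return name; }
    }

    // Hypothetical stand-in for the container's own principal (GenericPrincipal in the report).
    static final class ContainerPrincipal implements Principal {
        private final String name;
        ContainerPrincipal(String name) { this.name = name; }
        @Override public String getName() { return name; }
    }

    // Behaviour quoted in the report: the type filter always yields nothing.
    static <T extends Principal> Set<T> emptyLookup(Subject subject, Class<T> type) {
        return Collections.emptySet();
    }

    // Assumed expected behaviour: return the principals of that type held by the Subject.
    static <T extends Principal> Set<T> subjectLookup(Subject subject, Class<T> type) {
        return subject == null ? Collections.emptySet() : subject.getPrincipals(type);
    }

    public static void main(String[] args) {
        // Constructed sample: a Subject as an auth module might populate it.
        Subject subject = new Subject();
        subject.getPrincipals().add(new AuthenticatedUser("sample-user"));
        subject.getPrincipals().add(new ContainerPrincipal("sample-user"));

        // The empty-set variant hides the custom principal from any caller that filters by type.
        System.out.println("empty lookup:   " + emptyLookup(subject, AuthenticatedUser.class).size());
        // The Subject-based variant returns only the AuthenticatedUser entry.
        for (AuthenticatedUser u : subjectLookup(subject, AuthenticatedUser.class)) {
            System.out.println("subject lookup: " + u.getClass().getSimpleName() + " " + u.getName());
        }
    }
}
```

Authorization code that depends on attributes carried by a custom principal should verify the concrete type it receives on each container, since a type-filtered lookup that returns nothing can look the same as an unauthenticated caller.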