  1. EJB 3.0
  2. EJBTHREE-1601

Introduce check for RunAs to bypass authentication

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Done
    • Affects Version/s: 1.0.0-Beta8
    • Fix Version/s: 1.0.0-Beta9
    • Component/s: Security
    • Labels:
      None
    • Estimated Difficulty:
      Medium

      Description

      If a call comes to a container with an incoming RunAs, then the Java EE spec defines a role-based approach. The authentication mechanism needs to be bypassed.

      Currently, the Identity Trust Framework (with its JavaEETrustModule) takes care of incoming run-as, but the ITF may not be enabled by default and may not be configured for all security domains.

      Hence, bring back the explicit check for run-as in the authentication interceptor.

                People

                • Assignee:
                  anil.saldhana Anil Saldanha
                  Reporter:
                  anil.saldhana Anil Saldanha