Why does JBoss EAP 6 and 7 lose the run-as (@RunAs) identity when an unsecured EJB is in the call stack?
Issue
Why does JBoss EAP 6 and 7 lose the run-as (@RunAs) identity when an unsecured EJB is in the call stack?
unsecured web app (RunAs: JBossAdmin) -> unsecured HelloBean EJB -> secured GoodBye EJB (RolesAllowed: JBossAdmin)
This will fail (access to the GoodBye EJB is denied) as the unsecured ejb causes the RunAs identity to get dropped/lost.
Environment
- Red Hat JBoss Enterprise Application Platform (EAP)
- 6
- 7
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.
