GLASSFISH-18285

wrong caller principal in @PermitAll annotated call

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 3.1.1
    • Fix Version/s: future release
    • Component/s: security
    • Labels:
      None

      Description

      We are facing a problem when an authenticated client calls a @PermitAll annotated method.
      The session context caller name is always ANONYMOUS instead of the authenticated user name. If we change the annotation to @RolesAllowed(..), the caller name is correct.

      Here's some sample code:

       
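      import javax.annotation.Resource;
      import javax.annotation.security.PermitAll;
      import javax.ejb.SessionContext;
      import javax.ejb.Stateless;

      @Stateless
      @PermitAll
      public class A {

        @Resource
        private SessionContext ctx;

        public void methodA() {
          // Caller principal as seen by the EJB container for this invocation
          String principalName = ctx.getCallerPrincipal().getName();
        }
      }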
      

      Is there a reason why the caller name is not propagated?

        Activity

        There are no comments yet on this issue.

          People

          • Assignee:
            JeffTancill
            Reporter:
            andydr
          • Votes:
            0
            Watchers:
            0
