glassfish / GLASSFISH-18285

wrong caller principal in @PermitAll annotated call

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 3.1.1
    • Fix Version/s: future release
    • Component/s: security
    • Labels: None

      Description

      We are facing a problem when an authenticated client calls a @PermitAll annotated method.
      The session context caller name is always ANONYMOUS instead of the authenticated user name. If we change the annotation to @RolesAllowed(..), the caller name is correct.

      Here's a sample code:

       
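      import javax.annotation.Resource;
      import javax.annotation.security.PermitAll;
      import javax.ejb.SessionContext;
      import javax.ejb.Stateless;

      @Stateless
      @PermitAll
      public class A {

        @Resource
        private SessionContext ctx;

        public void methodA() {
          // Reported behaviour: this yields ANONYMOUS even for an authenticated caller
          String principalName = ctx.getCallerPrincipal().getName();
        }
      }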
      

      Is there a reason why the caller name is not propagated?

        Activity

        andydr created issue -
        Joe Di Pol made changes -
        Field Original Value New Value
        Tags 3_1_2-exclude
        JeffTancill made changes -
        Assignee kumarjayanti [ kumarjayanti ] JeffTancill [ jefftancill ]
        JeffTancill made changes -
        Fix Version/s 4.0.1 [ 16061 ]
        JeffTancill made changes -
        Fix Version/s future release [ 11148 ]
        Fix Version/s 4.0.1 [ 16061 ]

          People

          • Assignee:
            JeffTancill
            Reporter:
            andydr
          • Votes:
            0
            Watchers:
            0
