[GLASSFISH-18285] wrong caller principal in @PermitAll annotated call Created: 31/Jan/12  Updated: 25/Apr/14

Status: Open
Project: glassfish
Component/s: security
Affects Version/s: 3.1.1
Fix Version/s: future release

Type: Bug Priority: Major
Reporter: andydr Assignee: JeffTancill
Resolution: Unresolved Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Tags: 3_1_2-exclude


We are facing a problem, when an authenticated client calls a @PermitAll annotated method.
The session context caller name is always ANONYMOUS instead of the authenticated user name. If we change the annotation to @RolesAllow(..) the caller name is correct.

Here's a sample code:

public class A {

  private SessionContext ctx;

  public void methodA() {
    String principleName = ctx.getCallerPrinciple().getName();

Is there a reason, why the caller name is not propagated?

Generated at Sun Mar 26 04:52:56 UTC 2017 using JIRA 6.2.3#6260-sha1:63ef1d6dac3f4f4d7db4c1effd405ba38ccdc558.