Here is the ticket: https://issues.apache.org/jira/browse/TOMEE-2118

Thank you for looking into this.

Regards,
Kaloyan

On Thu, Aug 17, 2017 at 1:16 PM, Jonathan Gallimore <jonathan.gallim...@gmail.com> wrote:

> That looks like a bug. Looks like the role check doesn't work with the
> RunAsRole that the TomcatSecurityService creates, and the @RunAs for EjbOne
> doesn't seem to make it onto the stack. I haven't tried, but I suspect this
> would work in an embedded fashion, i.e. like this example:
> https://github.com/apache/tomee/tree/master/examples/testing-security.
>
> Can you file a JIRA ticket, and I'll attempt to patch that up?
>
> Many thanks
>
> Jon
>
> On Tue, Aug 15, 2017 at 2:49 PM, Jonathan Gallimore <jonathan.gallim...@gmail.com> wrote:
>
> > Hi
> >
> > Thanks for your mail! I'll grab your example later today and take a look.
> >
> > Thanks
> >
> > Jon
> >
> > On Tue, Aug 15, 2017 at 2:20 PM, Kaloyan Spiridonov <k.i.spirido...@gmail.com> wrote:
> >
> >> Hello,
> >>
> >> I have the following scenario:
> >>
> >> Servlet -> EjbOne -> EjbTwo
> >> My expectation is that @RunAs of the servlet will be propagated to EjbOne
> >> and the @RunAs of the EjbOne will be propagated to @EjbTwo.
> >> But this does not happen - see the output below. When I remove @RunAs
> >> annotation from the servlet the @RunAs of EjbOne is propagated correctly.
> >>
> >> Actual output:
> >>
> >> EjbOne (Before EjbTwo) expected role: Manager, isCallerInRole("Manager"): false
> >> EjbOne (Before EjbTwo) expected role: Manager, isCallerInRole("VP"): false
> >> EjbOne (Before EjbTwo) expected role: Manager,) isCallerInRole("Administrator"): false
> >> EjbTwo expected role: VP, isCallerInRole("Manager"): false
> >> EjbTwo expected role: VP, isCallerInRole("VP"): false
> >> EjbTwo expected role: VP, isCallerInRole("Administrator"): false
> >> EjbOne (After EjbTwo) expected role: Manager, isCallerInRole("Manager"): false
> >> EjbOne (After EjbTwo) expected role: Manager, isCallerInRole("VP"): false
> >> EjbOne (After EjbTwo) expected role: Manager, isCallerInRole("Administrator"): false
> >>
> >>
> >> Expected output:
> >>
> >> EjbOne (Before EjbTwo) expected role: Manager, isCallerInRole("Manager"): true
> >> EjbOne (Before EjbTwo) expected role: Manager, isCallerInRole("VP"): false
> >> EjbOne (Before EjbTwo) expected role: Manager,) isCallerInRole("Administrator"): false
> >> EjbTwo expected role: VP, isCallerInRole("Manager"): false
> >> EjbTwo expected role: VP, isCallerInRole("VP"): true
> >> EjbTwo expected role: VP, isCallerInRole("Administrator"): false
> >> EjbOne (After EjbTwo) expected role: Manager, isCallerInRole("Manager"): true
> >> EjbOne (After EjbTwo) expected role: Manager, isCallerInRole("VP"): false
> >> EjbOne (After EjbTwo) expected role: Manager, isCallerInRole("Administrator"): false
> >>
> >> Here is the source of the application: https://github.com/kal0ian/Examples
> >>
> >> Regards,
> >> Kaloyan