Roles are not injected to Web socket session.

kather_oli Nov 8, 2017 2:56 AM

I have created my application on top of JBoss Wildfly 8.2. I use same JAAS authentication to authenticate both HTTP connection & Web Socket connection. As part login process, set of roles is injected to the authenticated session.

I have a EJB method with roles allowed annotation. When I try to access the bean method using JNDI lookup, If the method call is triggered from HTTP session (Servlet or struts action), JBoss allowed it. But if the method is invoked from Web socket server end point, JBoss throws EJBAccessException. I believe the roles are not injected into the Web socket session context.

Note: For servlet and struts action, I use FORM authentication. For web socket, I use BASIC authentication.

Can any one help on this?

Thanks in advance.

1. Re: Roles are not injected to Web socket session.

mchoma Nov 9, 2017 2:00 AM (in response to kather_oli)

That seems suspicious. Could you try the same with WildFly 11 Final if it is still present?
Actions
2. Re: Roles are not injected to Web socket session.

swd847 Nov 9, 2017 2:12 PM (in response to kather_oli)

This is a known issue: https://issues.jboss.org/browse/WFLY-3313 now that Elytron has been integrated it should be addressed in the next WF release.
1 of 1 people found this helpful
Actions
3. Re: Roles are not injected to Web socket session.

kather_oli Nov 10, 2017 1:16 AM (in response to swd847)

Thanks @Stuart Douglas. It is really helpful.
Actions

Go to original post