Merge pull request wildfly#3578 from JiriOndrusek/WFCORE-4192_EJB-per…

…mission-check [WFCORE-4192] Server-server EJB invocation fails if no security is de…
codylerum · Nov 9, 2018 · 794c886 · 794c886
2 parents 7070847 + 8df95c5
commit 794c886
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 3 deletions.
diff --git a/...anagement/src/main/java/org/jboss/as/domain/management/security/SecurityRealmService.java b/...anagement/src/main/java/org/jboss/as/domain/management/security/SecurityRealmService.java
@@ -320,7 +320,7 @@ public RealmIdentity getRealmIdentity(Evidence evidence) throws RealmUnavailable
         saslAuthenticationFactory = saslBuilder.build();
     }
 
-    private static PermissionVerifier createPermissionVerifier() {
+    public static PermissionVerifier createPermissionVerifier() {
         PermissionVerifier permissionVerifier = LoginPermission.getInstance();
         for (String permissionName : ADDITIONAL_PERMISSION) {
             try {

diff --git a/remoting/subsystem/src/main/java/org/jboss/as/remoting/RemotingHttpUpgradeService.java b/remoting/subsystem/src/main/java/org/jboss/as/remoting/RemotingHttpUpgradeService.java
@@ -33,6 +33,7 @@
 import io.undertow.server.handlers.ChannelUpgradeHandler;
 
 import org.jboss.as.controller.OperationContext;
+import org.jboss.as.domain.management.security.SecurityRealmService;
 import org.jboss.as.network.SocketBinding;
 import org.jboss.as.remoting.logging.RemotingLogger;
 import org.jboss.msc.service.Service;
@@ -47,7 +48,6 @@
 import org.jboss.remoting3.Endpoint;
 import org.jboss.remoting3.UnknownURISchemeException;
 import org.jboss.remoting3.spi.ExternalConnectionProvider;
-import org.wildfly.security.auth.permission.LoginPermission;
 import org.wildfly.security.auth.server.MechanismConfiguration;
 import org.wildfly.security.auth.server.SaslAuthenticationFactory;
 import org.wildfly.security.auth.server.SecurityDomain;
@@ -193,7 +193,7 @@ public synchronized void start(final StartContext context) throws StartException
                 final SecurityDomain.Builder domainBuilder = SecurityDomain.builder();
                 domainBuilder.addRealm("default", SecurityRealm.EMPTY_REALM).build();
                 domainBuilder.setDefaultRealmName("default");
-                domainBuilder.setPermissionMapper((permissionMappable, roles) -> LoginPermission.getInstance());
+                domainBuilder.setPermissionMapper((permissionMappable, roles) -> SecurityRealmService.createPermissionVerifier());
                 final SaslAuthenticationFactory.Builder authBuilder = SaslAuthenticationFactory.builder();
                 authBuilder.setSecurityDomain(domainBuilder.build());
                 authBuilder.setFactory(new AnonymousServerFactory());