Propagating security identity from WAR subdeployment to EJB subdeployment

[Bence Kovács]

Hi,

We've been upgrading from WildFly 24 to 38, leaving behind the legacy security for elytron - oidc - keycloak auth. We are deploying an EAR with several WAR and EJB subdeployments. When we are calling EJBs via remoting everything works fine, but when we are calling a REST endpoint from a WAR that injects an EJB from an EJB subdeployment, the security identity is not propagated and we are getting an anonymous call. Ive written a stackoverflow post about it with the relevant standalone.xml bits.

https://stackoverflow.com/questions/79863661/propagate-security-context-from-war-to-other-subdeployments-within-ear-in-wildfl

Any help is appriciated!

Thanks!

[Bence Kovács]

Bumping in the hopes of someone can nudge me in the right direction. I've rebuilt the standalone.xml from scratch, read through the documentation and still can't figure out what could be the problem

[Diana Krepinska]

Hello, it is possible you are hitting a bug, consider submitting a jira issue. There are some bugs related to identity propagation, eg. https://issues.redhat.com/browse/ELY-2954 .