We have recently switched from JAAS to Keycloak. The application is a Java EE application with EJBs and MDBs. We set the Keycloak login module in WildFly to propagate the user from web to EJB, and it worked. But we are facing an issue when an EJB is called from an MDB. There is an anonymous user in the MDB when a message is received, so that user doesn't have permission to invoke an EJB protected by:

<s:security>
    <ejb-name>*</ejb-name>
    <s:missing-method-permissions-deny-access>false</s:missing-method-permissions-deny-access>
    <s:security-domain>keycloak</s:security-domain>
</s:security>

In the JAAS version, we have a programmatic login using a dedicated MDB user.

loginContext = new LoginContext("ldap", new CallbackHandler() {
    @Override
    public void handle(Callback[] callbacks) {
        ...
    }
});
loginContext.login();
// Invoke EJB now as logged in user

This has a user with the required permission. Since we have now moved to Keycloak, this JAAS login code will not work. What is the option to prevent the permission issue when calling an EJB from an MDB?

Valsaraj Viswanathan
  • What do you mean by `keycloak login module`? Which adapter? How do you configure it? Are you able to retrieve the user session from the MDB? – Aritz Jun 05 '18 at 12:31
  • It's the WildFly adapter. Keycloak suggests adding a login module named "keycloak" in conf to propagate the user from the web layer to the EJB. In the MDB the user is anonymous. I want to log in as an application user and access the EJB from there as that user. – Valsaraj Viswanathan Jun 05 '18 at 15:42

0 Answers