Bug 983942

Summary: Security context is not propagated between service calls
Product: [JBoss] JBoss Fuse Service Works 6
Component: SwitchYard
Reporter: Jiri Pechanec <jpechane>
Assignee: David Ward <dward>
QA Contact: Jiri Pechanec <jpechane>
Status: CLOSED CURRENTRELEASE
Severity: high
Priority: unspecified
Version: 6.0.0 GA
CC: atangrin, kbabo, soa-p-jira
Target Milestone: ER7
Target Release: 6.0.0
Hardware: Unspecified
OS: Unspecified
Doc Type: Bug Fix
Type: Bug
Attachments (Description / Flags): modified example / none

Description Jiri Pechanec 2013-07-12 11:04:49 UTC
I have modified a policy-security-basic quickstart to contain one more service, BackEndService, that is called from WorkService.

If the BackEnd service does not contain a security policy, everything works fine. I set a policy to require authorization and then the example broke. According to the enabled message trace, there is a security context present in the IN phase of WorkService:

------- Begin Message Trace -------
Consumer -> {urn:switchyard-quickstart-demo:policy-security-basic:0.1.0}WorkService
Provider -> [unassigned]
Operation -> doWork
Phase -> IN
State -> OK
Exchange Context -> 
        org.switchyard.exchangeInitiatedNS.start : 27373040619054
        org.switchyard.bus.camel.replyHandler : org.switchyard.SynchronousInOutHandler@12028316
        org.switchyard.bus.camel.phase : IN
        org.switchyard.bus.camel.dispatcher : org.switchyard.bus.camel.ExchangeDispatcher@25bcdbcd
        org.switchyard.bus.camel.consumer : ServiceReference [name={urn:switchyard-quickstart-demo:policy-security-basic:0.1.0}WorkService, interface=BaseServiceInterface [type=wsdl, operations=[doWork : IN_OUT : [{urn:switchyard-quickstart-demo:policy-security-basic:0.1.0}doWork, {urn:switchyard-quickstart-demo:policy-security-basic:0.1.0}doWorkResponse, null]]], domain=ServiceDomain [name=null]]
        org.switchyard.bus.camel.securityContext : SecurityContext[credentials=[NameCredentialImpl [name=kermit], ConfidentialityCredential [confidential=true], PasswordCredentialImpl [password=**********]], securityDomainsToSubjects={}]
        org.switchyard.bus.camel.contract : org.switchyard.metadata.BaseExchangeContract@1cb6ceb5
        CamelCreatedTimestamp : Fri Jul 12 12:54:11 CEST 2013
        CamelToEndpoint : direct://%7Burn:switchyard-quickstart-demo:policy-security-basic:0.1.0%7DWorkService
Message Context -> 
        org.switchyard.bus.camel.labels : {org.switchyard.contentType=[org.switchyard.label.behavior.transient], org.switchyard.bus.camel.messageSent=[TRANSIENT]}
        org.switchyard.bus.camel.messageSent : true
        org.switchyard.messageId : ID-jpechane-44660-1373621375570-11-1
        org.switchyard.soap.messageName : doWork
        breadcrumbId : ID-jpechane-44660-1373621375570-11-1
        org.switchyard.contentType : {urn:switchyard-quickstart-demo:policy-security-basic:0.1.0}doWork
Message Content -> 
<?xml version="1.0" encoding="UTF-8"?><policy-security-basic:doWork xmlns:policy-security-basic="urn:switchyard-quickstart-demo:policy-security-basic:0.1.0">
------ End Message Trace -------

But when the BackEnd service is called, the security context is already missing:

------- Begin Message Trace -------
Consumer -> {urn:switchyard-quickstart-demo:policy-security-basic:0.1.0}BackEndService
Provider -> [unassigned]
Operation -> process
Phase -> IN
State -> OK
Exchange Context -> 
        org.switchyard.bus.camel.dispatcher : org.switchyard.bus.camel.ExchangeDispatcher@69c99f97
        org.switchyard.bus.camel.phase : IN
        CamelCreatedTimestamp : Fri Jul 12 12:54:11 CEST 2013
        org.switchyard.bus.camel.labels : {org.switchyard.policy.required=[org.switchyard.label.behavior.transient]}
        CamelToEndpoint : direct://%7Burn:switchyard-quickstart-demo:policy-security-basic:0.1.0%7DBackEndService
        org.switchyard.bus.camel.contract : org.switchyard.metadata.BaseExchangeContract@455f2645
        org.switchyard.bus.camel.consumer : ServiceReference [name={urn:switchyard-quickstart-demo:policy-security-basic:0.1.0}BackEndService, interface=BaseServiceInterface [type=java, operations=[process : IN_OUT : [java:java.lang.String, java:java.lang.String, null]]], domain=ServiceDomain [name=null]]
        org.switchyard.exchangeInitiatedNS.start : 27373047075956
        org.switchyard.bus.camel.replyHandler : org.switchyard.SynchronousInOutHandler@340ca8c3
        org.switchyard.policy.required : [authorization]
Message Context -> 
        org.switchyard.contentType : java:java.lang.String
        org.switchyard.bus.camel.labels : {org.switchyard.contentType=[org.switchyard.label.behavior.transient], org.switchyard.bus.camel.messageSent=[TRANSIENT]}
        org.switchyard.bus.camel.messageSent : true
        org.switchyard.messageId : ID-jpechane-44660-1373621375570-11-3
        breadcrumbId : ID-jpechane-44660-1373621375570-11-3
Message Content -> 
------ End Message Trace -------
12:54:11,466 INFO  [org.switchyard.handlers.MessageTrace] (http-/
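
As an added example (not part of the original report or of the SwitchYard code base), the Python script below parses message traces in the format shown above and lists exchanges that carry `org.switchyard.policy.required` but no `org.switchyard.bus.camel.securityContext` property, which is the condition the second trace exhibits. The embedded sample traces are constructed and abbreviated, and the function names are this example's own.

```python
import re

SEC_CTX = "org.switchyard.bus.camel.securityContext"  # property names as they
POLICY_REQ = "org.switchyard.policy.required"         # appear in the traces above

# Constructed sample: two abbreviated traces shaped like the ones in the report.
SAMPLE = """\
------- Begin Message Trace -------
Consumer -> {urn:demo:0.1.0}WorkService
Exchange Context -> 
        org.switchyard.bus.camel.phase : IN
        org.switchyard.bus.camel.securityContext : SecurityContext[credentials=[NameCredentialImpl [name=kermit]], securityDomainsToSubjects={}]
------ End Message Trace -------
------- Begin Message Trace -------
Consumer -> {urn:demo:0.1.0}BackEndService
Exchange Context -> 
        org.switchyard.bus.camel.phase : IN
        org.switchyard.policy.required : [authorization]
Message Context -> 
        org.switchyard.contentType : java:java.lang.String
------ End Message Trace -------
"""

def parse_traces(text):
    """Return one dict per trace: header fields plus an 'exchange' property dict."""
    traces = []
    for body in re.findall(r"-+ Begin Message Trace -+\n(.*?)-+ End Message Trace -+", text, re.S):
        trace, section = {"exchange": {}}, None
        for line in body.splitlines():
            head = re.match(r"^(\S[^>]*?) ->\s?(.*)$", line)
            if head:  # unindented "Name -> value" line; an empty value opens a section
                section = head.group(1)
                trace[section] = head.group(2)
            elif section == "Exchange Context" and " : " in line:
                key, value = line.strip().split(" : ", 1)  # values may contain " : "
                trace["exchange"][key] = value
        traces.append(trace)
    return traces

def missing_context(traces):
    """Consumers whose exchange requires a security policy but carries no SecurityContext."""
    return [(t["Consumer"].rsplit("}", 1)[-1], t["exchange"][POLICY_REQ])
            for t in traces
            if POLICY_REQ in t["exchange"] and SEC_CTX not in t["exchange"]]

if __name__ == "__main__":
    for service, policy in missing_context(parse_traces(SAMPLE)):
        print(f"{service}: requires {policy} but no SecurityContext on the exchange")
```

Run against a full server log, the same check shows at which service hop the context stops being carried.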

Comment 1 Jiri Pechanec 2013-07-12 11:05:31 UTC
Created attachment 772642
modified example

Comment 2 Keith Babo 2013-08-02 15:01:03 UTC
David - there are actually a number of things in play here:

1) Access to the security context itself in downstream services.
2) Interpretation of policy requirements for downstream services.

That second one is tricky since the downstream service could be a reference binding.  We should probably meet up on this and discuss some options to pull it all together.

Comment 3 David Ward 2013-08-09 14:30:07 UTC
I'm not saying this is desired behavior moving forward, but I will say this is EXPECTED behavior currently. Specifically, the SecurityContext is not propagated across Service boundaries.  Because I didn't know what people wanted originally, I went with the "more safe" option.  I can foresee, though, some kind of flag saying "propagate" the SecurityContext.  Yes, we should meet to talk about this.

Comment 8 JBoss JIRA Server 2013-10-24 14:57:03 UTC
Keith Babo <kbabo@redhat.com> made a comment on jira SWITCHYARD-1729


Comment 9 Jiri Pechanec 2013-12-18 09:33:56 UTC
Verified in ER7

Comment 10 JBoss JIRA Server 2014-06-16 23:48:39 UTC
Keith Babo <kbabo@redhat.com> updated the status of jira SWITCHYARD-1729 to Closed