Description of problem:
The RemotingContext should be copied for async EJB calls.
This can cause Asynchronous EJB invocations to fail when the EJB is protected by a security-domain that uses the RemotingLoginModule for authentication.
client --> nodeX --- (remoting) --> nodeY (Asyc Method)
The asynch ejb calls are started by a stateless ejb on nodeY. The RemotingLoginModule is handling the authentication for the node X to node Y EJB invocations.
This normally works fine.
However, this appears to fail when there is a JAAS cache miss by the thread that is carrying out the asynchronous invocation. At that point, the login module stack will be invoked again, but the RemotingLoginModule will fail to authenticate the user since the async thread doesn't have the context to authenticate the user (SecurityActions.remotingContextGetConnection() returns null which causes the login module to return false from the login() method). This authentication failure will result in the Invalid User error when the call reaches the EJB layer.
I updated the pull request:
I tested this change on EAP 6.3.3 and it resolves the issue.
Please provide test (as discussed with Carlo) to include this in CP01 payload.
I will qa_ack afterwards.
PR with a test-case:
Created another PR, the previous one was filed against a wrong target branch.
qa_acking, thank you for the test
Verified in EAP 6.4.1.CR2.
Retroactively bulk-closing issues from released EAP 6.4 cummulative patches.