Environment:
I try to call a method CompanyService.findFirst() annotated with @RolesAllowed after logging in through CustomAuthenticationMechanism, but it seems the EJB container does not know about my permissions. I loaded the page login-private.xhtml, which shows that I have the role AF_ADMIN, but when I invoke findFirst() I get javax.ejb.EJBAccessException: WFLYSEC0027: Invalid User
Should I grant the permissions to, or somehow tell, the EJB container about the authentication?
Am I missing anything?
jboss-web.xml
```xml
<?xml version="1.0" encoding="UTF-8"?>
<jboss-app>
    <security-domain>jaspitest</security-domain>
</jboss-app>
```
CompanyService
```java
import java.util.List;
import javax.annotation.security.RolesAllowed;
import javax.ejb.Stateless;

@Stateless
@RolesAllowed("**")
public class CompanyService extends BusinessService<Company> implements CompanyServiceable {
    public CompanyService() {
        super(Company.class);
    }

    @Override
    public List<Company> findFirst() throws AppException {
        // ...
    }
    // ...
}
```
CustomAuthenticationMechanism
```java
import static javax.security.enterprise.identitystore.CredentialValidationResult.Status.VALID;
import javax.enterprise.context.ApplicationScoped;
import javax.inject.Inject;
import javax.security.enterprise.AuthenticationException;
import javax.security.enterprise.AuthenticationStatus;
import javax.security.enterprise.authentication.mechanism.http.AutoApplySession;
import javax.security.enterprise.authentication.mechanism.http.HttpAuthenticationMechanism;
import javax.security.enterprise.authentication.mechanism.http.HttpMessageContext;
import javax.security.enterprise.authentication.mechanism.http.LoginToContinue;
import javax.security.enterprise.credential.UsernamePasswordCredential;
import javax.security.enterprise.identitystore.CredentialValidationResult;
import javax.security.enterprise.identitystore.IdentityStoreHandler;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

@AutoApplySession
@LoginToContinue
@ApplicationScoped
public class CustomAuthenticationMechanism implements HttpAuthenticationMechanism {
    @Inject
    private IdentityStoreHandler idStoreHandler;

    //@Override
    public AuthenticationStatus validateRequest(HttpServletRequest request, HttpServletResponse response, HttpMessageContext httpMessageContext) throws AuthenticationException {
        final String ticket = request.getParameter("ticket");
        if (ticket != null) {
            // The ticket is passed as the caller name together with a fixed password string;
            // the identity store is expected to resolve it. (Arrays.toString("...") does not
            // compile here because it expects an array, not a String.)
            CredentialValidationResult result = idStoreHandler.validate(new UsernamePasswordCredential(ticket, "LOGIN_PASSWORD"));
            if (result.getStatus() == VALID) {
                // Hands caller name and groups to the container for this request/session
                return httpMessageContext.notifyContainerAboutLogin(result);
            } else {
                return httpMessageContext.responseUnauthorized();
            }
        }
        return httpMessageContext.doNothing();
    }
}
```
login-private.xhtml shows I have AF_ADMIN
```xml
<!-- ... -->
<h1>Public</h1>
<div class="alert alert-danger" role="alert">
    #{myBean.initBean()}
    <h:outputText value="inRole(AF_ADMIN): #{request.isUserInRole('AF_ADMIN')}"/><br/>
    <h:outputText value="requestURL: #{request.requestURL}"/><br/>
    <h:outputText value="headerNames: #{request.headerNames}"/><br/>
    #{requestScope['javax.servlet.error.status_code']}
    #{requestScope['javax.servlet.error.message']}<br/>
    #{messages['error.inesperat']}
</div>
<!-- ... -->
```
The JBoss/WildFly standalone configuration has the default security domain set to other, which does not propagate the authentication to EJBs, so as a workaround we can remove the following line from standalone.xml to get it working.
```xml
<!--default-security-domain value="other"/-->
```
And you can execute the EJB method without any problem.
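As an added illustration (not the asker's or the answerer's code), here is a hypothetical IdentityStore that the injected IdentityStoreHandler in CustomAuthenticationMechanism would call: it resolves the ticket the mechanism passes as the caller name into a real caller and a set of groups, and those groups are what both request.isUserInRole('AF_ADMIN') and @RolesAllowed on the EJB are evaluated against once the web security domain is propagated to the EJB container as the answer describes. The ticket table and its values are constructed sample data.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import javax.enterprise.context.ApplicationScoped;
import javax.security.enterprise.credential.Credential;
import javax.security.enterprise.credential.UsernamePasswordCredential;
import javax.security.enterprise.identitystore.CredentialValidationResult;
import javax.security.enterprise.identitystore.IdentityStore;

// Hypothetical store: the caller name carried in the UsernamePasswordCredential
// is the one-time "ticket" from the request, not a user name.
@ApplicationScoped
public class TicketIdentityStore implements IdentityStore {

    // Constructed sample data: ticket -> { caller name, group, group, ... }.
    // A real store would look the ticket up where it was issued and reject
    // expired ones; the map here also enforces single use by removing entries.
    private static final Map<String, String[]> TICKETS = new ConcurrentHashMap<>();
    static {
        TICKETS.put("t-1234", new String[] {"alice", "AF_ADMIN"});
        TICKETS.put("t-5678", new String[] {"bob", "AF_USER"});
    }

    @Override
    public CredentialValidationResult validate(Credential credential) {
        // Only handle the credential type the mechanism builds; anything else
        // is left for other stores in the handler's chain.
        if (!(credential instanceof UsernamePasswordCredential)) {
            return CredentialValidationResult.NOT_VALIDATED_RESULT;
        }
        String ticket = ((UsernamePasswordCredential) credential).getCaller();
        String[] entry = ticket == null ? null : TICKETS.remove(ticket);
        if (entry == null) {
            // Unknown or already-used ticket: the mechanism answers 401.
            return CredentialValidationResult.INVALID_RESULT;
        }
        Set<String> groups = new HashSet<>(Arrays.asList(entry).subList(1, entry.length));
        // Caller name plus groups; the container maps these groups to roles,
        // so this is the set @RolesAllowed("AF_ADMIN") must find "AF_ADMIN" in.
        return new CredentialValidationResult(entry[0], groups);
    }
}
```

Even with the correct groups returned here, the EJB call still fails with WFLYSEC0027 until the web security domain is the one the EJB container consults, which is the configuration point the answer fixes.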