Description
Describe the bug
com.sun.ts.tests.connector.localTx.msginflow.MDBClientServletTest#testSICMsgPrincipal is looking for a message sent to com.sun.ts.tests.connector.mdb.MessageBean that should be delivered in a security context that has the "ADM" role. This is being tested under GlassFish 7.
The role mapping looks correct in the ejb-jar.xml and sun-ejb-jar.xml files. Is there some additional security configuration that needs to be added?
tcks/apis/connector/src/main/java/com/sun/ts/tests/connector/mdb/msginflow_mdb_msginflow_ejb.xml
<ejb-jar xmlns="https://jakarta.ee/xml/ns/jakartaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         version="4.0" xsi:schemaLocation="https://jakarta.ee/xml/ns/jakartaee https://jakarta.ee/xml/ns/jakartaee/ejb-jar_4_0.xsd">
  <display-name>Ejb1</display-name>
  <enterprise-beans>
    <message-driven>
      <display-name>MESSAGE_BEAN</display-name>
      <ejb-name>MESSAGE_BEAN</ejb-name>
      <ejb-class>com.sun.ts.tests.connector.mdb.MessageBean</ejb-class>
      <messaging-type>com.sun.ts.tests.common.connector.util.TSMessageListenerInterface</messaging-type>
      <transaction-type>Container</transaction-type>
      <activation-config>
        <activation-config-property>
          <activation-config-property-name>destinationName</activation-config-property-name>
          <activation-config-property-value>TSDestination</activation-config-property-value>
        </activation-config-property>
        <activation-config-property>
          <activation-config-property-name>destinationType</activation-config-property-name>
          <activation-config-property-value>java.lang.String</activation-config-property-value>
        </activation-config-property>
      </activation-config>
      <security-role-ref>
        <role-name>ADM</role-name>
        <role-link>Administrator</role-link>
      </security-role-ref>
      <security-identity>
        <use-caller-identity/>
      </security-identity>
    </message-driven>
  </enterprise-beans>
  <assembly-descriptor>
    <security-role>
      <role-name>Administrator</role-name>
    </security-role>
    <container-transaction>
      <method>
        <ejb-name>MESSAGE_BEAN</ejb-name>
        <method-name>onMessage</method-name>
        <method-params>
          <method-param>java.lang.String</method-param>
        </method-params>
      </method>
      <trans-attribute>NotSupported</trans-attribute>
    </container-transaction>
  </assembly-descriptor>
</ejb-jar>
...
tcks/apis/connector/src/main/java/com/sun/ts/tests/connector/mdb/msginflow_mdb_msginflow_ejb.jar.sun-ejb-jar.xml
<sun-ejb-jar>
  <security-role-mapping>
    <role-name>Administrator</role-name>
    <principal-name>j2ee</principal-name>
  </security-role-mapping>
  <enterprise-beans>
    <unique-id>1</unique-id>
    <ejb>
      <ejb-name>MESSAGE_BEAN</ejb-name>
      <jndi-name>MESSAGE_BEAN</jndi-name>
      <pass-by-reference>false</pass-by-reference>
      <jms-max-messages-load>1</jms-max-messages-load>
      <ior-security-config>
        <transport-config>
          <integrity>supported</integrity>
          <confidentiality>supported</confidentiality>
          <establish-trust-in-target>supported</establish-trust-in-target>
          <establish-trust-in-client>supported</establish-trust-in-client>
        </transport-config>
        <as-context>
          <auth-method>username_password</auth-method>
          <realm>default</realm>
          <required>true</required>
        </as-context>
        <sas-context>
          <caller-propagation>supported</caller-propagation>
        </sas-context>
      </ior-security-config>
      <is-read-only-bean>false</is-read-only-bean>
      <refresh-period-in-seconds>-1</refresh-period-in-seconds>
      <gen-classes/>
      <mdb-resource-adapter>
        <resource-adapter-mid>whitebox-tx</resource-adapter-mid>
      </mdb-resource-adapter>
    </ejb>
  </enterprise-beans>
</sun-ejb-jar>
To Reproduce
Steps to reproduce the behavior:
Run the com.sun.ts.tests.connector.localTx.msginflow.MDBClientServletTest#testSICMsgPrincipal in the glassfish-runner/connector-platform-tck subproject.
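A descriptor-only check of the role chain the report describes (code role ADM, linked role Administrator, principal j2ee), as an added example that is not part of the original report, the TCK or GlassFish. The function names and the trimmed sample XML are assumptions made for illustration; the check is static and says nothing about which principal the resource adapter establishes when it delivers the message.

```python
import xml.etree.ElementTree as ET

# Trimmed copies of the two descriptors quoted above (constructed sample input).
EJB_JAR = """<ejb-jar xmlns="https://jakarta.ee/xml/ns/jakartaee" version="4.0">
  <enterprise-beans><message-driven>
    <ejb-name>MESSAGE_BEAN</ejb-name>
    <security-role-ref>
      <role-name>ADM</role-name><role-link>Administrator</role-link>
    </security-role-ref>
  </message-driven></enterprise-beans>
  <assembly-descriptor>
    <security-role><role-name>Administrator</role-name></security-role>
  </assembly-descriptor>
</ejb-jar>"""
SUN_EJB_JAR = """<sun-ejb-jar><security-role-mapping>
  <role-name>Administrator</role-name><principal-name>j2ee</principal-name>
</security-role-mapping></sun-ejb-jar>"""

def _local(tag):
    # Drop the "{namespace}" prefix ElementTree puts on namespaced tags.
    return tag.rsplit("}", 1)[-1]

def _all(root, name):
    return [e for e in root.iter() if _local(e.tag) == name]

def _child_text(parent, name):
    for child in parent:
        if _local(child.tag) == name:
            return (child.text or "").strip()
    return None

def resolve_role_refs(ejb_jar_xml, vendor_xml):
    """Follow each security-role-ref: code role -> linked role -> mapped names."""
    ejb, vendor = ET.fromstring(ejb_jar_xml), ET.fromstring(vendor_xml)
    declared = {_child_text(r, "role-name") for r in _all(ejb, "security-role")}
    mapping = {}
    for m in _all(vendor, "security-role-mapping"):
        names = [(_local(c.tag), (c.text or "").strip()) for c in m
                 if _local(c.tag) in ("principal-name", "group-name")]
        mapping.setdefault(_child_text(m, "role-name"), []).extend(names)
    report = []
    for ref in _all(ejb, "security-role-ref"):
        code_role = _child_text(ref, "role-name")
        linked = _child_text(ref, "role-link") or code_role
        report.append({"code_role": code_role, "linked_role": linked,
                       "declared": linked in declared,
                       "mapped_to": mapping.get(linked, [])})
    return report

if __name__ == "__main__":
    for row in resolve_role_refs(EJB_JAR, SUN_EJB_JAR):
        print(row)
```

An entry with `declared` false or an empty `mapped_to` marks a break in the chain at the descriptor level.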