[ELY-2872] Security roles lost following failover

Skyllarr · Skyllarr · commit baea49db8cc0 · 2025-07-14T12:17:47.000+02:00
diff --git a/http/sso/src/main/java/org/wildfly/security/http/util/sso/DefaultSingleSignOn.java b/http/sso/src/main/java/org/wildfly/security/http/util/sso/DefaultSingleSignOn.java
@@ -23,6 +23,7 @@
 import java.util.AbstractMap.SimpleImmutableEntry;
 import java.util.Collections;
 import java.util.Map;
+import java.util.Set;
 
 import org.wildfly.security.auth.server.SecurityIdentity;
 import org.wildfly.security.cache.CachedIdentity;
@@ -70,6 +71,11 @@ public SecurityIdentity getIdentity() {
         return this.entry.getCachedIdentity().getSecurityIdentity();
     }
 
+    @Override
+    public Set<String> getRoles() {
+        return this.entry.getCachedIdentity().getRoles();
+    }
+
     @Override
     public void setIdentity(SecurityIdentity identity) {
         // Only set cached identity if it has not already been set
diff --git a/http/sso/src/main/java/org/wildfly/security/http/util/sso/DefaultSingleSignOnSession.java b/http/sso/src/main/java/org/wildfly/security/http/util/sso/DefaultSingleSignOnSession.java
@@ -247,6 +247,6 @@ private static CachedIdentity getCachedIdentity(SingleSignOn sso) {
         String mechanism = sso.getMechanism();
         boolean programmatic = sso.isProgrammatic();
         SecurityIdentity identity = sso.getIdentity();
-        return (identity != null) ? new CachedIdentity(mechanism, programmatic, identity) : new CachedIdentity(mechanism, programmatic, new NamePrincipal(sso.getName()));
+        return (identity != null) ? new CachedIdentity(mechanism, programmatic, identity) : new CachedIdentity(mechanism, programmatic, new NamePrincipal(sso.getName()), sso.getRoles());
     }
 }
diff --git a/http/sso/src/main/java/org/wildfly/security/http/util/sso/ImmutableSingleSignOn.java b/http/sso/src/main/java/org/wildfly/security/http/util/sso/ImmutableSingleSignOn.java
@@ -19,6 +19,7 @@
 
 import java.net.URI;
 import java.util.Map;
+import java.util.Set;
 
 import org.wildfly.security.auth.server.SecurityIdentity;
 
@@ -58,6 +59,12 @@ public interface ImmutableSingleSignOn {
      */
     SecurityIdentity getIdentity();
 
+    /**
+     * Returns the roles of the principal associated with this single sign-on entry.
+     * @return principal roles
+     */
+    Set<String> getRoles();
+
     /**
      * Returns the participants associated with this single sign-on entry.
      * @return an unmodifiable mapping of application identifier to a tuple of the session identifier and request URI

Original file line number	Diff line number	Diff line change
`@@ -247,6 +247,6 @@ private static CachedIdentity getCachedIdentity(SingleSignOn sso) {`
`247`	`247`	`String mechanism = sso.getMechanism();`
`248`	`248`	`boolean programmatic = sso.isProgrammatic();`
`249`	`249`	`SecurityIdentity identity = sso.getIdentity();`
`250`		`- return (identity != null) ? new CachedIdentity(mechanism, programmatic, identity) : new CachedIdentity(mechanism, programmatic, new NamePrincipal(sso.getName()));`
	`250`	`+ return (identity != null) ? new CachedIdentity(mechanism, programmatic, identity) : new CachedIdentity(mechanism, programmatic, new NamePrincipal(sso.getName()), sso.getRoles());`
`251`	`251`	`}`
`252`	`252`	`}`