From ff91d94138c3a120c88b37f6620b366962e2c7c0 Mon Sep 17 00:00:00 2001
From: Diana Krepinska <skyllarr@gmail.com>
Date: Tue, 22 Nov 2022 13:05:29 +0100
Subject: [PATCH] Do not require a caller principal obtained from EJB to be
 assignable from CallerPrincipal

---
 .../soteria/authorization/spi/impl/SubjectParser.java          | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/impl/src/main/java/org/glassfish/soteria/authorization/spi/impl/SubjectParser.java b/impl/src/main/java/org/glassfish/soteria/authorization/spi/impl/SubjectParser.java
index a37e71d..bdb9708 100644
--- a/impl/src/main/java/org/glassfish/soteria/authorization/spi/impl/SubjectParser.java
+++ b/impl/src/main/java/org/glassfish/soteria/authorization/spi/impl/SubjectParser.java
@@ -514,7 +514,8 @@ private Principal getVendorCallerPrincipal(Principal principal, boolean isEjb) {
                 break;
         }
 
-        if (CallerPrincipal.class.isAssignableFrom(principal.getClass())) {
+        // do not require a principal from EJBContext to be assignable from CallerPrincipal
+        if (isEjb || CallerPrincipal.class.isAssignableFrom(principal.getClass())) {
             return principal;
         }