[jboss-user] [EJB 3.0] - @RunAsPrincipal annotation missing from EJB 3.0 spec?

scotto do-not-reply at jboss.com
Thu Nov 16 04:12:49 EST 2006 

I could be wrong, but it seems to me that the EJB 3.0 security annotations are missing the ability to force an EJB to run using more than one security role. The @RunAs annotation assigns a SINGLE role to the methods called by a bean, but what do we do when we want to give a bean MULTIPLE security roles?

For example, consider the case where we have an MDB processing incoming JMS messages. We want this bean to be able to call other EJBs, and these beans may each have their own security role requirements.

Assume we have 3 levels of security: User, Supervisor, Admin. In addition to these roles, we want 'Supervisor' level users to also have access to general 'User' privilege methods, and 'Admin' users to have access to all roles.

If we use @RunAs("Supervisor") on our MDB, then it cannot access other beans with methods marked as @RolesAllowed({"User"}), as we cannot specify multiple @RunAs annotations on the one class!


Now, according to this page:

http://wiki.jboss.org/wiki/Wiki.jsp?page=RunAsIdentityCreation

we can simulate this behavior using the XML deployment descriptor to assign multiple roles to Principals, like this:

anonymous wrote : <ejb-jar>
  | ...
  | 	<assembly-descriptor>
  | ...
  | 		<security-role>
  | 			<role-name>User</role-name>
  | 			<principal-name>user</principal-name>
  | 			<principal-name>supervisor</principal-name>
  | 			<principal-name>admin</principal-name>
  | 		</security-role>
  | 		<security-role>
  | 			<role-name>Supervisor</role-name>
  | 			<principal-name>supervisor</principal-name>
  | 			<principal-name>admin</principal-name>
  | 		</security-role>
  | 		<security-role>
  | 			<role-name>Admin</role-name>
  | 			<principal-name>admin</principal-name>
  | 		</security-role>
  | 	</assembly-descriptor>
  | </ejb-jar>

And then marking each bean explicitly:

anonymous wrote : <message-driven>
  |     ...
  |     <security-identity>
  |       <run-as-principal>supervisor</run-as-principal>
  |     </security-identity>
  |     ...
  | </message-driven>

which I would like to avoid, if possible, as I would rather keep this configuration information in EJB3 style annotations (all my other configuration up until this point is annotation-only).


Am I right in coming to these conclusions? If so, it would seem that:

 1. @RunAs should be renamed to @RunAsRole as this is more meaningful (and less confusing).
 2. A new annotation @RunAsPrincipal should be added so we can access this behavior.

or, alternatively, a third solution exists:

 3. @RunAs could be extended to support multiple rules - e.g. @RunAsRoles({"User","Supervisor"})


What do you guys think?

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3986422#3986422

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3986422

More information about the jboss-user mailing list