[jboss-dev-forums] [Design of EJB 3.0] - Re: Security Regressions in EJB3 TestSuite
wolfc
do-not-reply at jboss.com
Mon Mar 31 03:11:04 EDT 2008
"anil.saldhana at jboss.com" wrote : Your tests should just be setting the principal/cred. Why are you trying to get the callerPrincipal from SecurityAssociation? What happened to ejbcontext.getCallerPrincipal? When will the spaghetti ejb3 layer look edible? :)
As soon as you stop mucking in ejb3-core and create a clean separation in ejb3-security. EJBContext.getCallerPrincipal() should delegate to the security component (either directly or via plugin).
The only question is whether it is possible to test ejb3-security stand alone. (It should only be a question of how.)
"anil.saldhana at jboss.com" wrote : Regarding getting the latest principal on the securitycontext, the api that you quote looks good. But I still am at a loss as to why you are trying to retrieve the principal/caller principal in the tests. Please point me to the tests that are trying to do this. :)
I would rather see:
Hashtable<?, ?> environment = new Hashtable<?, ?>();
| environment.put(InitialContext.SECURITY_PRINCIPAL, "me");
| environment.put(InitialContext.SECURITY_CREDENTIALS, "creds"); // TODO: String?
| InitialContext ctx = new InitialContext(environment);
| ...
| ctx.close();
but that is a nice to have.
As to the 'why' in some tests, don't bother. As long as the test is valid it must work!
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4139996#4139996
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4139996
More information about the jboss-dev-forums
mailing list