[jboss-jira] [JBoss JIRA] Created: (EJBTHREE-1037) fix RunAs principal propagation

William DeCoste (JIRA) jira-events at lists.jboss.org
Thu Aug 23 01:42:18 EDT 2007 

fix RunAs principal propagation
-------------------------------

                 Key: EJBTHREE-1037
                 URL: http://jira.jboss.com/jira/browse/EJBTHREE-1037
             Project: EJB 3.0
          Issue Type: Bug
    Affects Versions: AS 4.2.1.GA
            Reporter: William DeCoste
         Assigned To: William DeCoste


We decided it would the principal associated with the run-as identity.
In this case its anonymous unless overridden in the run-as config. This
is what the cts14 tests required. We used to return the original caller
principal, but with the need to assign multiple roles to the run-as
principal for the cts14 tests, we switched this to a separate run-as
principal. The ejb3-spec is a little more clear about there being a
run-as principal:

17.1:
The security principal under which a method invocation is performed is
typically that of the component's caller. By specifying a run-as
identity, however, it is possible to specify that a different principal
be substituted for the execution of the methods of the bean's business
interface, home interface, component interface, and/or web service
endpoint and any methods of other enterprise beans that the bean may
call.
This determines whether the caller principal is propagated from the
caller to the callee—that is, whether the called enterprise bean will
see the same returned value of the EJBContext.getCallerPrincipal
as the calling enterprise bean—or whether a security principal that has
been assigned to the specified security role will be used for the
execution of the bean's methods and will be visible as the
caller principal in the bean's callee.

17.3.4 Specification of Security Identities in the Deployment Descriptor
...
Because the Bean Provider and Application Assembler do not, in general,
know the security environment of the operational environment, the run-as
identity is designated by a logical role-name, which
corresponds to one of the security roles defined by the Bean Provider or
Application Assembler in the metadata annotations or deployment descriptor.
The Deployer then assigns a security principal defined in the
operational environment to be used as the principal for the run-as
identity. The security principal assigned by the Deployer should be a
principal that has been assigned to the security role specified by RunAs
annotation or by the role-name element of the run-as deployment
descriptor element.
The Bean Provider and/or Application Assembler is responsible for the
following in the specification of run-as identities:
• Use the RunAs metadata annotation or role-name element of the run-as
deployment descriptor element to define the name of the security role.
• Optionally, use the description element to provide a description of
the principal that is expected to be bound to the run-as identity in
terms of its security role.

17.4.3 Principal Delegation
The Deployer is responsible for configuring the principal delegation for
inter-component calls. The Deployer must follow any instructions
supplied by the Bean Provider and/or Application Assembler
(for example, provided in the RunAs metadata annotations, the run-as
elements of the deployment descriptor, in the description elements of
the annotations or deployment descriptor, or in a deployment manual).
If the security identity is defaulted, or it is explicitly specified
that the caller identity be used (e.g., use-caller-identity deployment
descriptor element is specified), the caller principal is propagated
from one component to another (i.e., the caller principal of the first
enterprise bean in a call-chain is passed to the enterprise beans down
the chain).
If the Bean Provider or Application Assembler specifies that a run-as
identity be used on behalf of a particular enterprise bean, the Deployer
must configure the enterprise beans such that the run-as principal is
used as the caller principal on any calls that the enterprise bean makes
to other beans, and that the run-as principal is propagated along the
call-chain of those other beans (in the absence of the specification of
any further run-as elements).

Anil Saldhana wrote:
> > Scott,
> >   Bill Decoste and I have a simple difference in understanding of
> > RunAsIdentity in relation to getCallerPrincipal
> > 
> > BeanA ->  BeanB
> > 
> > BeanA defines a RunAs annotation with a role.  No principal is attached
> > to this annotation (so we will take anonymous as the principal).
> > 
> > If a Principal  "anil"  invoked BeanA.  Then a method in BeanA called a
> > method in BeanB.
> > 
> > If BeanB does a getCallerPrincipal,  does it return "anonymous" that is
> > attached to run-as or it will return "Somebody"?   I am saying
> > "anonymous" and BillD says it is "anil".
> > 
> > My understanding is that RunAs does a security context switch and a
> > security-identity in ejb-jar.xml with <use-caller-identity> would
> > propogate.
> > 
> > Can you clarify, please?
> > 
> > Regards,
> > Anil
> > 



-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-jira mailing list