[jboss-user] [EJB 3.0] - @RunAs doesn't work in JBossAS 4.2.3?

amcdowell do-not-reply at jboss.com
Fri Apr 10 18:10:14 EDT 2009

I'm trying to convert some our session beans to EJB 3.0 prior to an AS 5.0 upgrade, and we use JAAS heavily in our server.

When I have the code:

  | public interface TestSessionBean {
  |     public void execute();
  | }

  | @TransactionManagement(TransactionManagementType.CONTAINER)
  | @Remote(TestSessionBean.class)
  | @Local(TestSessionBean.class)
  | @RunAs("testRole")
  | public class TestSessionBeanImpl implements TestSessionBean {
  |     @Resource
  |     private SessionContext context;
  |     public void execute() {
  |         System.out.println("CallerPrincipal: " + context.getCallerPrincipal().getName());
  |         System.out.println("CallerInRole(testRole): " + context.isCallerInRole("testRole"));     
  |     }
  | }

The bean is deployed correctly and can be invoked, but it prints "false", the caller is not in the "testRole", despite the RunAs annotation.

When I look through the 4.2.3 code, it looks like their may be a fence-post problem in org.jboss.security.SecurityAssociation$RunAsThreadLocalStack.peek() (Line 686), because the "testRole" RunAsIdentity is in the stack at the [1] position, null is at the [0] position, and it only looks at [0] and then exits because the depth is now 2.

Is this to correct behavior?  Did something change about RunAs for EJB 3.0?  

A similar configuration in an assembly descriptor granted the role to the bean it was defined for in the EJB 2.x version.

I also looked in JIRA and didn't see a bug directly about this problem.  I may try a preemptive upgrade to 5.0 and just see if the problem is resolved there.


View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4224953#4224953

Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4224953

More information about the jboss-user mailing list