[jboss-user] [EJB 3.0] - Re: @RunAs doesn't work in JBossAS 4.2.3?
amcdowell
do-not-reply at jboss.com
Thu Apr 16 15:18:55 EDT 2009
I researched this a little more. My example above is actually wrong. I tried to simplify my actual problem, and simplified it too far.
According to EJB 3.0 Section 17.2.5.2:
anonymous wrote :
| Note that isCallerInRole(String roleName) tests the principal that represents the
| caller of the enterprise bean, not the principal that corresponds to the run-as security identity
| for the bean, if any.
|
So my above example will never print true in a compliant container.
However my real problem is actually the more complex example (properly using RunAs):
| public interface CalleeSessionBean {
| public void execute();
| }
|
| @Stateless
| @TransactionManagement(TransactionManagementType.CONTAINER)
| @Remote(CalleeSessionBean.class)
| @Local(CalleeSessionBean.class)
| public class CalleeSessionBeanImpl implements CalleeSessionBean {
| @Resource
| private SessionContext context;
|
| public void execute() {
| System.out.println("CallerPrincipal: " + context.getCallerPrincipal().getName());
| System.out.println("CallerInRole(testRole): " + context.isCallerInRole("CallerRole"));
| }
| }
|
| public interface CallerSessionBean {
| public void execute();
| }
|
| @Stateless
| @TransactionManagement(TransactionManagementType.CONTAINER)
| @Remote(CallerSessionBean.class)
| @Local(CallerSessionBean.class)
| @RunAs("CallerRole")
| public class CallerSessionBeanImpl implements CallerSessionBean {
| @Resource
| private SessionContext context;
|
| public void execute() {
| InitialContext initialContext = new InitialContext();
| CalleeSessionBean callee = initialContext.lookup("CalleeSessionBean/local");
| callee.execute();
| }
| }
|
In this case, the Callee still prints false, despite the fact it should have aquired the RunAs CallerRole.
I traced through the code and the problem is due to https://jira.jboss.org/jira/browse/EJBTHREE-741, a defect in the RunAsSecurityInterceptor. Even though the issue claims it was applied to AS 4.2.0, it does not appear to be. It is however applied to the 5.0.0+ branches.
Bottom Line: the answer to my own question is: The @RunAs EJB 3.0 annotation is broken in the 4.2.x branches, but does work correctly in the 5.x branches.
View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4226028#4226028
Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4226028
More information about the jboss-user
mailing list