[jboss-user] [EJB 3.0] - Re: @RunAs doesn't work in JBossAS 4.2.3?

amcdowell do-not-reply at jboss.com
Thu Apr 16 15:18:55 EDT 2009


I researched this a little more.  My example above is actually wrong.  I tried to simplify my actual problem, and simplified it too far.

According to EJB 3.0 Section 17.2.5.2:
anonymous wrote : 
  | Note that isCallerInRole(String roleName) tests the principal that represents the
  | caller of the enterprise bean, not the principal that corresponds to the run-as security identity
  | for the bean, if any.
  | 

So my above example will never print true in a compliant container.

However my real problem is actually the more complex example (properly using RunAs):


  | public interface CalleeSessionBean {
  |     public void execute();
  | }
  | 	


  | import javax.annotation.Resource;
  | import javax.ejb.*;
  | 
  | @Stateless
  | @TransactionManagement(TransactionManagementType.CONTAINER)
  | @Remote(CalleeSessionBean.class)
  | @Local(CalleeSessionBean.class)
  | public class CalleeSessionBeanImpl implements CalleeSessionBean {
  |     @Resource
  |     private SessionContext context;
  | 
  |     public void execute() {
  |         System.out.println("CallerPrincipal: " + context.getCallerPrincipal().getName());
  |         // Tests the identity of whoever invoked this bean (here: the caller bean's run-as role)
  |         System.out.println("CallerInRole(CallerRole): " + context.isCallerInRole("CallerRole"));
  |     }
  | }
  | 


  | public interface CallerSessionBean {
  |     public void execute();
  | }
  | 	



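  | import javax.annotation.Resource;
  | import javax.annotation.security.RunAs;
  | import javax.ejb.*;
  | import javax.naming.InitialContext;
  | import javax.naming.NamingException;
  | 
  | @Stateless
  | @TransactionManagement(TransactionManagementType.CONTAINER)
  | @Remote(CallerSessionBean.class)
  | @Local(CallerSessionBean.class)
  | @RunAs("CallerRole")
  | public class CallerSessionBeanImpl implements CallerSessionBean {
  |     @Resource
  |     private SessionContext context;
  | 
  |     public void execute() {
  |         try {
  |             InitialContext initialContext = new InitialContext();
  |             // lookup() returns Object, so cast to the business interface
  |             CalleeSessionBean callee = (CalleeSessionBean) initialContext.lookup("CalleeSessionBean/local");
  |             // Outgoing call: the callee should see the @RunAs role as its caller
  |             callee.execute();
  |         } catch (NamingException e) {
  |             throw new EJBException(e);
  |         }
  |     }
  | }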
  | 

In this case, the Callee still prints false, despite the fact it should have acquired the RunAs CallerRole.

I traced through the code and the problem is due to https://jira.jboss.org/jira/browse/EJBTHREE-741, a defect in the RunAsSecurityInterceptor.  Even though the issue claims it was applied to AS 4.2.0, it does not appear to be.   It is however applied to the 5.0.0+ branches.

Bottom Line: the answer to my own question is: The @RunAs EJB 3.0 annotation is broken in the 4.2.x branches, but does work correctly in the 5.x branches.


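
The run-as semantics discussed in the post, as an added example that is not part of the original post and is not JBoss code: a simplified Java model (Java 16+) in which `isCallerInRole` tests the caller's identity, and setting `applyRunAs` to false models a container that does not propagate the run-as role, which is the callee output the post reports on 4.2.x. All class names, the `client` identity with its `user` role, and the `run-as-principal` name are assumptions made for illustration.

```java
import java.util.*;

/** Simplified model of EJB 3.0 run-as propagation (hypothetical names, not JBoss code). */
public class RunAsModel {
    /** A security identity: principal name plus the roles it holds. */
    record Identity(String principal, Set<String> roles) {}

    /** A bean: its run-as role (null if none) and a body that runs inside the container. */
    interface Bean { String runAs(); String call(Container c); }

    static class Container {
        private final Deque<Identity> callers = new ArrayDeque<>();
        private final boolean applyRunAs;   // false models a container that ignores @RunAs

        Container(Identity client, boolean applyRunAs) {
            callers.push(client);
            this.applyRunAs = applyRunAs;
        }

        /** Tests the caller of the current bean, never the bean's own run-as identity. */
        boolean isCallerInRole(String role) { return callers.peek().roles().contains(role); }

        /** Calls target from within 'from'; the call carries from's run-as role if one is set. */
        String invoke(Bean from, Bean target) {
            Identity outgoing = (applyRunAs && from.runAs() != null)
                    ? new Identity("run-as-principal", Set.of(from.runAs()))  // constructed name
                    : callers.peek();                                          // identity unchanged
            callers.push(outgoing);
            try { return target.call(this); } finally { callers.pop(); }
        }
    }

    static final Bean CALLEE = new Bean() {
        public String runAs() { return null; }
        public String call(Container c) { return "callee=" + c.isCallerInRole("CallerRole"); }
    };
    static final Bean CALLER = new Bean() {
        public String runAs() { return "CallerRole"; }   // stands in for @RunAs("CallerRole")
        public String call(Container c) {
            return "caller=" + c.isCallerInRole("CallerRole") + " " + c.invoke(this, CALLEE);
        }
    };

    /** Runs the caller bean as a constructed client that holds only the "user" role. */
    static String run(boolean applyRunAs) {
        return CALLER.call(new Container(new Identity("client", Set.of("user")), applyRunAs));
    }

    public static void main(String[] args) {
        System.out.println("run-as applied: " + run(true));
        System.out.println("run-as ignored: " + run(false));
    }
}
```

The `caller=` value is the same in both runs because the bean carrying the run-as role is itself checked against its own caller; only the `callee=` value differs between the two.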