[jboss-user] [Security & JAAS/JBoss] - Calling protected ejb method from anoter
drfranknfurter
do-not-reply at jboss.com
Tue Feb 17 06:10:30 EST 2009
I need some help on the following scenario:
@RolesAllowed("role1")
ejb1.secureMethod1
@RolesAllowed("role2")
ejb2.secureMethod2
secureMethod2 has to be protected, but I have to call the method from ejb1. When I call it from ejb1 I want the container to ignore the security as the user possibly don't have the role. From a business point of view it is OK to call it from ejb1 without the role, but not from another place.
I have tried AccessController.doPrivileged with no success. It seems I misunderstood it's purpose.
I believe my security setup is correct as I am able to do this if the user has the required role, but fails if he doesn't.
Can anybody point me in the right direction?
Thank you in advance.
View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4210637#4210637
Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4210637
More information about the jboss-user
mailing list