Hello,
Sorry for the confusion. The name is not the problem. I used the same
'administrator' for both the role and userName in my application. I renamed
them in my email to try to avoid any confusion.
It might be related to the lack of another layer of indirect mapping in EJB
<security-role-ref>.
Anyway, I don't think a hard-coded programmatic security check is a good
approach. Instead of using isCallerInRole(), I tried another method,
isDeleteScheduleSuperUser(), in my Session Facade:
private boolean isDeleteScheduleSuperUser() {
    try {
        deleteScheduleSuperUser();
    } catch (Exception e) {
        // bury the exception
        return false;
    }
    return true;
}

public void deleteScheduleSuperUser() {
}
deleteScheduleSuperUser() has to be published in the remote interface,
and its method permission defined in the deployment descriptors.
Thanks.
Denis
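
The <security-role-ref> indirection mentioned above, as an added example that is not part of the original message or the poster's descriptor: in EJB 2.x the name passed to isCallerInRole() is a role reference declared on the bean and linked to a security-role, separately from <method-permission>. The bean, role and method names come from the thread; the role-ref and security-role entries are assumptions about what such a descriptor would contain.

```xml
<!-- ejb-jar.xml (EJB 2.x), fragment. Added example: names are from the
     thread, the role-ref and security-role entries are assumed. -->
<ejb-jar>
  <enterprise-beans>
    <session>
      <ejb-name>ScheduleSessionFacadeEJB</ejb-name>
      <!-- home, remote, ejb-class, session-type, transaction-type omitted -->

      <!-- The string passed to isCallerInRole() is resolved against the
           bean's own role references, not directly against security-roles. -->
      <security-role-ref>
        <!-- name used in code: isCallerInRole("administrator") -->
        <role-name>administrator</role-name>
        <!-- security-role in the assembly-descriptor it resolves to -->
        <role-link>administrator</role-link>
      </security-role-ref>
    </session>
  </enterprise-beans>

  <assembly-descriptor>
    <!-- Logical role; mapping principals such as the logged-in user to it
         is done in the container's vendor-specific descriptor. -->
    <security-role>
      <role-name>administrator</role-name>
    </security-role>

    <!-- Declarative check from the thread: enforced by the container on
         calls made through the remote interface. -->
    <method-permission>
      <role-name>administrator</role-name>
      <method>
        <ejb-name>ScheduleSessionFacadeEJB</ejb-name>
        <method-intf>Remote</method-intf>
        <method-name>deleteSchedule</method-name>
      </method>
    </method-permission>
  </assembly-descriptor>
</ejb-jar>
```
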
-----Original Message-----
From: A mailing list for Enterprise JavaBeans development
[mailto:[EMAIL PROTECTED] Behalf Of Evan Ireland
Sent: Monday, June 23, 2003 4:08 PM
To: [EMAIL PROTECTED]
Subject: Re: ejbSessionContext.isCallerInRoll()
Denis,
You have used two different names for the role. What happens if you call:
getSessionContext().isCallerInRole("administrator") ?
> -----Original Message-----
> From: A mailing list for Enterprise JavaBeans development
> [mailto:[EMAIL PROTECTED] Behalf Of Denis Wang
> Sent: Tuesday, 24 June 2003 7:42 a.m.
> To: [EMAIL PROTECTED]
> Subject: ejbSessionContext.isCallerInRoll()
>
>
> Hi, all,
>
> I encounter the following problem when I debug a session facade:
> getSessionContext().getCallerPrincipal().getName()
> (debug value: "administratorUser" )
> getSessionContext().isCallerInRole("administratorRole")
> (debug value: false, which is not what I expected)
>
> The logged in user 'administratorUser' is believed to be in the role of
> 'administratorRole'.
> For example,
> <method-permission>
>   <role-name>administrator</role-name>
>   <method>
>     <ejb-name>ScheduleSessionFacadeEJB</ejb-name>
>     <method-intf>Remote</method-intf>
>     <method-name>deleteSchedule</method-name>
>   </method>
> </method-permission>
>
> If I comment out the line
> <role-name>administrator</role-name>
> the administratorUser will trigger an exception when trying to
> "deleteSchedule".
>
> It seems to me, the declarative Container Manager Security works, but my
> programmatic security check fails. It is weird.
>
> Could anyone shed some light please?
> Thanks.
> Denis
>
> ===========================================================================
> To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
> of the message "signoff EJB-INTEREST". For general help, send email to
> [EMAIL PROTECTED] and include in the body of the message "help".