I researched this a little more.  My example above is actually wrong.  I tried 
to simplify my actual problem, and simplified it too far.

According to EJB 3.0 Section 17.2.5.2:

  | Note that isCallerInRole(String roleName) tests the principal that represents the
  | caller of the enterprise bean, not the principal that corresponds to the run-as security identity
  | for the bean, if any.
  | 

So my above example will never print true in a compliant container.

However my real problem is actually the more complex example (properly using 
RunAs):


  | public interface CalleeSessionBean {
  |     public void execute();
  | }
  |     


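  | import javax.annotation.Resource;
  | import javax.ejb.Local;
  | import javax.ejb.Remote;
  | import javax.ejb.SessionContext;
  | import javax.ejb.Stateless;
  | import javax.ejb.TransactionManagement;
  | import javax.ejb.TransactionManagementType;
  | 
  | @Stateless
  | @TransactionManagement(TransactionManagementType.CONTAINER)
  | @Remote(CalleeSessionBean.class)
  | @Local(CalleeSessionBean.class)
  | public class CalleeSessionBeanImpl implements CalleeSessionBean {
  |     @Resource
  |     private SessionContext context;
  | 
  |     public void execute() {
  |         // Both calls report on the caller of this bean, not on this bean's own identity.
  |         System.out.println("CallerPrincipal: " + context.getCallerPrincipal().getName());
  |         System.out.println("CallerInRole(CallerRole): " + context.isCallerInRole("CallerRole"));
  |     }
  | }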
  | 


  | public interface CallerSessionBean {
  |     public void execute();
  | }
  |     



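  | import javax.annotation.Resource;
  | import javax.annotation.security.RunAs;
  | import javax.ejb.EJBException;
  | import javax.ejb.Local;
  | import javax.ejb.Remote;
  | import javax.ejb.SessionContext;
  | import javax.ejb.Stateless;
  | import javax.ejb.TransactionManagement;
  | import javax.ejb.TransactionManagementType;
  | import javax.naming.InitialContext;
  | import javax.naming.NamingException;
  | 
  | @Stateless
  | @TransactionManagement(TransactionManagementType.CONTAINER)
  | @Remote(CallerSessionBean.class)
  | @Local(CallerSessionBean.class)
  | @RunAs("CallerRole")
  | public class CallerSessionBeanImpl implements CallerSessionBean {
  |     @Resource
  |     private SessionContext context;
  | 
  |     public void execute() {
  |         try {
  |             InitialContext initialContext = new InitialContext();
  |             // lookup() returns Object, so the result has to be cast to the business interface.
  |             CalleeSessionBean callee = (CalleeSessionBean) initialContext.lookup("CalleeSessionBean/local");
  |             callee.execute();
  |         } catch (NamingException e) {
  |             throw new EJBException(e);
  |         }
  |     }
  | }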
  | 

In this case, the Callee still prints false, despite the fact it should have 
acquired the RunAs CallerRole.

I traced through the code and the problem is due to 
https://jira.jboss.org/jira/browse/EJBTHREE-741, a defect in the 
RunAsSecurityInterceptor.  Even though the issue claims it was applied to AS 
4.2.0, it does not appear to be.   It is however applied to the 5.0.0+ branches.

Bottom Line: the answer to my own question is: The @RunAs EJB 3.0 annotation is 
broken in the 4.2.x branches, but does work correctly in the 5.x branches.


View the original post : 
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4226028#4226028
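
To illustrate the rule quoted from Section 17.2.5.2 and the behaviour expected of the Caller/Callee pair, here is an added example (not from the original post, and not JBoss or container code): a plain-Java toy model of caller and run-as identity propagation. The class `RunAsModel`, its records, the sample client `alice` and the `run-as` principal name are assumptions made for illustration.

```java
import java.util.ArrayDeque;
import java.util.Deque;
import java.util.Set;

/** Toy model of EJB caller / run-as identity propagation (hypothetical, not container code). */
public class RunAsModel {
    /** The identity a bean sees as its caller: a principal name and its roles. */
    record Identity(String principal, Set<String> roles) {}
    /** A bean: its name, an optional @RunAs role (null if none) and its method body. */
    record Bean(String name, String runAsRole, Runnable body) {}

    // One frame per in-progress invocation: the caller identity and the executing bean.
    private final Deque<Identity> callers = new ArrayDeque<>();
    private final Deque<Bean> executing = new ArrayDeque<>();

    /** Models SessionContext.isCallerInRole: tests the caller, never the bean's own run-as. */
    boolean isCallerInRole(String role) {
        return callers.peek().roles().contains(role);
    }

    /** Invokes target; run-as only changes the identity used for the invoker's outgoing calls. */
    void invoke(Bean target, Identity externalCaller) {
        Bean invoker = executing.peek();
        Identity caller;
        if (invoker == null) {
            caller = externalCaller;                 // call arriving from a client
        } else if (invoker.runAsRole() != null) {
            // Assumption: the run-as principal is simply named "run-as" in this model.
            caller = new Identity("run-as", Set.of(invoker.runAsRole()));
        } else {
            caller = callers.peek();                 // no run-as: the caller is propagated
        }
        callers.push(caller);
        executing.push(target);
        try { target.body().run(); } finally { executing.pop(); callers.pop(); }
    }

    public static void main(String[] args) {
        RunAsModel c = new RunAsModel();
        Identity client = new Identity("alice", Set.of("user")); // constructed sample caller
        Bean callee = new Bean("CalleeSessionBean", null, () ->
            System.out.println("callee isCallerInRole(CallerRole): " + c.isCallerInRole("CallerRole")));
        Bean caller = new Bean("CallerSessionBean", "CallerRole", () -> {
            System.out.println("caller isCallerInRole(CallerRole): " + c.isCallerInRole("CallerRole"));
            c.invoke(callee, null);
        });
        c.invoke(caller, client);
    }
}
```

Run under Java 16 or later, the model reports false for the check made inside the caller bean and true for the check made inside the callee, which is the result a compliant container is expected to give for the two beans above.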
