I tried declarative authorization restrictions, but they don't work. JBoss is 4.0.4.GA.

I use FORM authentication and call a stateless session bean via a servlet. The users and roles are set by DatabaseServerLoginModule. The users are:

mysql> select * from users;
+----------+----------+
| username | passwd   |
+----------+----------+
| user1    | password |
| user2    | password |
| user3    | password |
| manager  | password |
+----------+----------+

mysql> select * from userroles;
+----------+-----------+
| username | userRoles |
+----------+-----------+
| user1    | user      |
| user2    | user      |
| user3    | user      |
| manager  | admin     |
+----------+-----------+

The program is a tiny one. The method multi is allowed only for the "user" role. The method plus is allowed only for the "admin" role. The method minus is allowed for any role. I executed the program, but manager is able to execute multi, and user1 is able to execute plus. No message comes from JBoss.

| package security.sample;
|
| import java.security.Principal;
|
| import javax.annotation.Resource;
| import javax.annotation.security.PermitAll;
| import javax.annotation.security.RolesAllowed;
| import javax.ejb.SessionContext;
| import javax.ejb.Stateless;
|
| @Stateless
| public class CalculatorBean implements Calculator {
|
|     @Resource SessionContext ctx;
|
|     @RolesAllowed("user")
|     public int multi(int value1, int value2) {
|         checkUser("multi");
|         return value1 * value2;
|     }
|
|     @RolesAllowed("admin")
|     public int plus(int value1, int value2) {
|         checkUser("plus");
|         return value1 + value2;
|     }
|
|     @PermitAll
|     public int minus(int value1, int value2) {
|         checkUser("minus");
|         return value1 - value2;
|     }
|
|     private void checkUser(String methodName) {
|         System.out.println("method:" + methodName);
|         Principal caller = ctx.getCallerPrincipal();
|         String name = caller.getName();
|         System.out.println("name:" + name);
|     }
| }

Has anyone checked declarative authorization? Could you give me some advice?

Susumu

View the original post: http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3953361#3953361
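
As a reference for what the annotations in the post declare, this added example (not code from the original post or from JBoss) evaluates them against the userroles table and prints the expected decision for every user and method. The RolesAllowed and PermitAll types, the ExpectedAccessMatrix class and the allowed() helper are local stand-ins assumed here so that it runs on a plain JDK (Java 9 or later) without an application server.

```java
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.reflect.Method;
import java.util.Arrays;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Set;

public class ExpectedAccessMatrix {
    // Local stand-ins (assumption) for javax.annotation.security.RolesAllowed
    // and PermitAll, so no container libraries are needed.
    @Retention(RetentionPolicy.RUNTIME) @interface RolesAllowed { String[] value(); }
    @Retention(RetentionPolicy.RUNTIME) @interface PermitAll {}

    // Same method-level declarations as CalculatorBean in the post.
    static class Calculator {
        @RolesAllowed("user")  public int multi(int a, int b) { return a * b; }
        @RolesAllowed("admin") public int plus(int a, int b)  { return a + b; }
        @PermitAll             public int minus(int a, int b) { return a - b; }
    }

    // Allow if @PermitAll is present, or if the caller holds at least one
    // role listed in @RolesAllowed. A method with neither annotation is
    // denied in this sketch (a choice made here; all three are annotated).
    static boolean allowed(Method m, Set<String> callerRoles) {
        if (m.isAnnotationPresent(PermitAll.class)) return true;
        RolesAllowed ra = m.getAnnotation(RolesAllowed.class);
        return ra != null && Arrays.stream(ra.value()).anyMatch(callerRoles::contains);
    }

    public static void main(String[] args) throws Exception {
        // Role assignments copied from the userroles table in the post.
        Map<String, Set<String>> userRoles = new LinkedHashMap<>();
        userRoles.put("user1", Set.of("user"));
        userRoles.put("user2", Set.of("user"));
        userRoles.put("user3", Set.of("user"));
        userRoles.put("manager", Set.of("admin"));

        for (String name : new String[] {"multi", "plus", "minus"}) {
            Method m = Calculator.class.getMethod(name, int.class, int.class);
            for (Map.Entry<String, Set<String>> e : userRoles.entrySet()) {
                System.out.printf("%-8s %-6s %s%n", e.getKey(), name,
                        allowed(m, e.getValue()) ? "ALLOW" : "DENY");
            }
        }
    }
}
```

The two calls reported in the post, manager invoking multi and user1 invoking plus, are the ones this matrix marks as denied.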