I am having a problem with JBoss 3.2.6.
I have MDB's which must call secure stateless session beans to perform a task.
The MDB's use a <run-as> declaration which allows them to run at the proper
security level to make a call to a session bean method.
As an example, the MDB's are tagged with the following XDoclet:
* @ejb.security-identity run-as = "Administrator"
And the method in question is tagged with:
* @ejb.permission role-name = "Administrator"
The MDB is able to make it past the security interceptor and make it into the
session bean's method.
However within the method I need to do some slighlty more complex security
checking and I am attempting to use SessionContext.isCallerInRole to determine
the security level of the caller. Unfortunatley, a call like the following:
sessionContext.isCallerInRole("Administrator");
returns false.
Using <run-as>Administrator</run-as> would seem to imply that the caller would
be in the Administrator role.
Is it correct that isCallerInRole return false?
Is there any other way to get a security role associated with an MDB's
invocation of a bean method?
I searched the forum and saw others report this same issue, but I could not
find any resolution.
View the original post :
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3865609#3865609
Reply to the post :
http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3865609
-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
JBoss-user mailing list
JBoss-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/jboss-user
