OK just to close this thread off, for the benefit of the archives, here is
how I have been able to hard-code changes of principal into my bean
methods. It is actually the first thing I thought of trying - but when I
tried it I happened (by coincidence) to run into the MethodGuard bug which
threw me off the scent for a while. Sorry but I don't have time to make a
contribution for a configurable principal propagation policy mechanism in
Jonas!
The following is very dependent on the Jonas implementation, so you should
pepper your code with warnings to that effect. Just do e.g.:
    public void ejbLoad() throws RemoteException
    {
        // JOnAS-internal classes: this depends on the JOnAS implementation.
        SecurityCurrent current = SecurityCurrent.getCurrent();
        SecurityContext previousContext = current.getSecurityContext();
        // Map a throwaway user name onto the inter-component role.
        Random ran = new Random();
        String sUsername = "intercomponentuser" + ran.nextLong() +
            ran.nextLong() + ran.nextLong();
        String[] roles = {"intercomponentrole"};
        RoleMechanism.getInstance().addMapping(sUsername, roles);
        SecurityContext adminSecCtx = new SecurityContext(sUsername);
        current.setSecurityContext(adminSecCtx);
        try {
            // <go make some intercomponent calls>
        } finally {
            // Restore the caller's context even if a call throws.
            current.setSecurityContext(previousContext);
        }
    }
Joe
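
Added example, not part of the original message and not JOnAS code: a self-contained Java program showing why the previous security context must be restored in a finally block when a bean method switches principal. A ThreadLocal stands in for the container's thread-bound context; the class name, method names and principal strings are hypothetical and constructed for illustration.

```java
import java.util.concurrent.Callable;

// Hypothetical stand-in for a container's thread-bound security context;
// these are not the JOnAS classes used in the message above.
public class RunAsDemo {
    static final ThreadLocal<String> PRINCIPAL = new ThreadLocal<>();

    // Unguarded switch: if the call throws, the elevated principal
    // stays bound to the (pooled) thread.
    static <T> T runAsUnguarded(String principal, Callable<T> call) throws Exception {
        String previous = PRINCIPAL.get();
        PRINCIPAL.set(principal);
        T result = call.call();
        PRINCIPAL.set(previous); // never reached when call() throws
        return result;
    }

    // Guarded switch: the caller's principal is restored on every exit path.
    static <T> T runAs(String principal, Callable<T> call) throws Exception {
        String previous = PRINCIPAL.get();
        PRINCIPAL.set(principal);
        try {
            return call.call();
        } finally {
            PRINCIPAL.set(previous);
        }
    }

    // Simulates one worker thread whose inter-component call fails, and
    // returns the principal left on the thread for the next request.
    static String principalAfterFailure(boolean guarded) {
        PRINCIPAL.set("client-alice"); // constructed sample caller
        Callable<Void> failing = () -> {
            throw new IllegalStateException("inter-component call failed");
        };
        try {
            if (guarded) runAs("intercomponentuser", failing);
            else runAsUnguarded("intercomponentuser", failing);
        } catch (Exception expected) {
            // A container would roll back here and reuse the thread.
        }
        return PRINCIPAL.get();
    }

    public static void main(String[] args) {
        System.out.println("unguarded leaves: " + principalAfterFailure(false));
        System.out.println("guarded leaves:   " + principalAfterFailure(true));
    }
}
```
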
-----Original Message-----
From: Joe Gittings [SMTP:[EMAIL PROTECTED]]
Sent: Thursday, November 16, 2000 9:13 AM
To: 'Philippe Coq'
Cc: '[EMAIL PROTECTED]'; '[EMAIL PROTECTED]';
'[EMAIL PROTECTED]'
Subject: RE: How to set the principal propagation policy for
inter-component calls in Jonas?
Philippe,
Thanks for clarifying this. Right now I'm working on being able to
hard-code changes of principal into bean methods. Not ideal, I know, and
probably at odds with the EJB spec, but it's a start.
Joe
-----Original Message-----
From: Philippe Coq [SMTP:[EMAIL PROTECTED]]
Sent: Thursday, November 16, 2000 8:00 AM
To: Joe Gittings
Cc: '[EMAIL PROTECTED]'; '[EMAIL PROTECTED]';
'[EMAIL PROTECTED]'
Subject: Re: How to set the principal propagation policy for
inter-component calls in Jonas?
Joe Gittings wrote:
>
> OK, more security questions... :) How do I set the principal propagation
> policy for inter-component calls in Jonas? It says in the EJB spec:
>
> "15.2.1 Invocation of other enterprise beans
> ... The management of caller principals passed on enterprise bean
> invocations (i.e. principal delegation) is set up by the Deployer and
> System Administrator in a container-specific way. The Bean Provider and
> Application Assembler should describe all the requirements for the caller's
> principal management of inter-enterprise bean invocations as part of the
> description".
>
> This clearly suggests that it should be possible to set a policy in the
> deployment descriptor for the propagation of the principal in
> inter-component calls. And looking around, it appears that some other
> containers (e.g. Websphere) do support this. Has this been implemented yet,
> and if so how does one set it? There are certain inter-component calls
> where the default propagation policy (i.e. of the client principal) doesn't
> suit me.
>
> BTW propagation of the client principal is working fine for me, I just want
> to be able to override it...
>
> Joe
The spec suggests that different policies of propagation may be
implemented.
As usual we have decided to begin with a sample implementation,
so, we provide only the propagation policy but we are always open to
contributions.
Regards,
--
Philippe
Philippe Coq Evidian Phone: (33) 04 76 29 78 49
Bull S.A - 1 rue de Provence - 38432 Echirolles Cedex France
Download our EJBServer at http://www.objectweb.org
----
To unsubscribe, send email to [EMAIL PROTECTED] and
include in the body of the message "unsubscribe jonas-users".
For general help, send email to [EMAIL PROTECTED] and
include in the body of the message "help".