Am I missing something???

Folks

From a message driven bean, I make a call to a session bean. The caller of the MDB as you know is the container and in the called session bean if I make a call to the method like getCallerPrincipal() on the Session bean's context what will be the result? How can I access restrict such a call from MDB as container propably wont fit into any of the roles.

Thanks and please relieve me of this confusion.
Vijay.

Probably you will get an UNAUTHORIZED user principal (container implementation specific thing).

you can use the security-identity flag and let the MDB run-as a defined role. You can also use the unchecked flag on the SB's methods.

Thanks Ajay. But I dont think your answers are related to my question and I my question is about restricting and not about allowing.

my feeling is that you are not supposed to put security restrictions on the container

Hmmm...That might be it....Thanks a lot.

Hi,

Just an idea.. If you don't want the MDB to invoke the Session bean, it means you are expecting only a certain roles to access the Session bean, In that scenario, you can specify the @RolesAllowed annotation in the Session Bean to enumerate the allowed application specific roles -- this will restrict the "anonymous" calls from the MDB.

Will that help..


Regards..Lawrence J