
Confusion with "run-as" security identity

 
krithika desai
Ranch Hand
Posts: 33
I had some questions on this:
1. When would I use this?
2. What role should be assigned to the principal that executes this method? Should it be the same as the one we specify in the <role> element?
3. Does it mean that the bean would throw an exception when executed by a Principal that does not belong to this role?
The spec also says that this does not affect the identities of the caller.
Does that mean that the caller (i.e. Principal) need not belong to the role required by run-as?
confused :-(
thanks.
 
krithika desai
Ranch Hand
Posts: 33
I think it's a little clearer now.
We can define method permissions on a bean which has "run-As" security identity specified.
But if I make a call from one of those methods to another bean, then the principal that gets propagated to the other bean is not that of the client (caller).
Page 447:
"The deployer then assigns a security principal defined in the operational environment to be used as the principal for the run-as identity"
How would I do this?
Say I have a security identity like this:
run-As --> "Administrator"

And say i have 3 principals assigned to "Administrator"
sachin,
saurav,
rahul
They all are "Administrator"s
Which is the principal that gets used when executing the method?
I do understand that if I do a
getPrincipal() inside one of those methods it won't be one of these 3, but the principal (i.e. the client) that actually executed this method in the first place.
thanks again.
 
Andrew Perepelytsya
Ranch Hand
Posts: 93
I guess you should view it as follows:
The AdminBean has secured access available only to the Administrator role.
The principals get checked when you call any method of AdminBean.
All beans and resources called by the AdminBean will see only the role from <run-as>.
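
The setup discussed in this thread, written out as an ejb-jar.xml fragment. This is an added example, not posted by anyone in the thread; it assumes an EJB 2.0 descriptor, and AuditBean plus all `com.example` class names are hypothetical.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE ejb-jar PUBLIC
  "-//Sun Microsystems, Inc.//DTD Enterprise JavaBeans 2.0//EN"
  "http://java.sun.com/dtd/ejb-jar_2_0.dtd">
<ejb-jar>
  <enterprise-beans>
    <session>
      <ejb-name>AdminBean</ejb-name>
      <home>com.example.AdminHome</home>        <!-- hypothetical class -->
      <remote>com.example.Admin</remote>        <!-- hypothetical class -->
      <ejb-class>com.example.AdminBean</ejb-class>
      <session-type>Stateless</session-type>
      <transaction-type>Container</transaction-type>
      <!-- Identity AdminBean uses for calls it makes to other beans.
           Which concrete principal stands for this role is chosen by the
           deployer in the container's vendor-specific descriptor. -->
      <security-identity>
        <run-as><role-name>Administrator</role-name></run-as>
      </security-identity>
    </session>
    <session>
      <ejb-name>AuditBean</ejb-name>            <!-- hypothetical callee -->
      <home>com.example.AuditHome</home>
      <remote>com.example.Audit</remote>
      <ejb-class>com.example.AuditBean</ejb-class>
      <session-type>Stateless</session-type>
      <transaction-type>Container</transaction-type>
    </session>
  </enterprise-beans>
  <assembly-descriptor>
    <security-role><role-name>Administrator</role-name></security-role>
    <!-- Checked against the caller of AdminBean. This is a separate
         declaration from run-as and is evaluated before the method runs. -->
    <method-permission>
      <role-name>Administrator</role-name>
      <method><ejb-name>AdminBean</ejb-name><method-name>*</method-name></method>
    </method-permission>
    <!-- When AdminBean calls AuditBean, this check is made against the
         run-as identity, not against AdminBean's original client. -->
    <method-permission>
      <role-name>Administrator</role-name>
      <method><ejb-name>AuditBean</ejb-name><method-name>*</method-name></method>
    </method-permission>
  </assembly-descriptor>
</ejb-jar>
```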
 