
caller principal question from spec

 
Keith Rosenfield
Ranch Hand
Posts: 277
Hi All,
In section 21.1 of the spec it says:
bean.) If the run-as element is specified, a security principal that has been assigned to the specified security role will be used for the execution of the bean's methods and will be visible as the caller principal in the callee.

This statement seems to conflict with this statement found in section 21.2.5.1
Note that getCallerPrincipal() returns the principal that represents the caller of the enterprise bean, not the principal that corresponds to the run-as security identity for the bean, if any.

and with this statement found in section 21.2.5.2
Note that isCallerInRole(String roleName) tests the principal that represents the caller of the enterprise bean, not the principal that corresponds to the run-as security identity for the bean, if any.

Can anyone explain this apparent discrepancy?
Thanks,
 
Jacky Chow
Ranch Hand
Posts: 63
hi Keith,
There are no conflicts, see the following example:
for the part of spec section 21.1
CallerEJB(run as Jacky)-----CalleeEJB(the caller principal Jacky is visible)
for the part of spec section 21.2.5.1
CallerEJB(run as Jacky)-----CalleeEJB(run as Keith, getCallerPrincipal() returns Jacky's Principal)
for the part of spec section 21.2.5.2
CallerEJB(run as Jacky)-----CalleeEJB(run as Keith, isCallerInRole("Jacky") returns true, isCallerInRole("Keith") returns false)
[ January 12, 2004: Message edited by: Jacky Chow ]
 
Keith Rosenfield
Ranch Hand
Posts: 277
Hi Jacky:
I'm still confused.
Let's say that for a particular bean that run-as has been declared in the deployment descriptor as follows

and Keith has been assigned as the security principal for the role of administrator.
Now let's say that a client running as Jacky calls a method of this bean. What would be returned by getCallerPrincipal in this method: Keith or Jacky?
Section 21.1 appears to suggest that Keith will be returned.
Section 21.2.5.1 appears to suggest that Jacky will be returned.

Is my understanding of these sections faulty?
[ January 12, 2004: Message edited by: Keith Rosenfield ]
 
Keith Rosenfield
Ranch Hand
Posts: 277
I just answered my own question. I was reading the spec incorrectly. Jacky, your answer was correct.
Thanks.
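The rule the thread settles on can be made concrete with a small model of the container's identity propagation. The following is an added example, not code from the thread or from the EJB specification: plain Java with no container, in which a bean sees as its caller principal the identity of whoever invoked it (section 21.2.5.1), while a bean that declares run-as makes its own outbound calls under the run-as principal, so that the next bean in the chain sees that principal instead (section 21.1). The principal names come from the thread; the role-to-principal mapping, the roles held by each principal, and the bean wiring (AdminBean, AuditBean) are constructed for the demo. Running it replays Keith's scenario: a client running as Jacky calls a bean with run-as administrator mapped to Keith, so that bean's getCallerPrincipal() reports Jacky, and only the bean it calls next reports Keith.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.Set;

// Added example (not from the thread or the spec): a plain-Java model of how a
// container propagates the caller identity through a run-as call chain.
public class RunAsDemo {

    // Deployer's mapping of each run-as role to the principal that executes the
    // bean's methods and outbound calls (constructed for this demo).
    static final Map<String, String> RUN_AS_PRINCIPAL =
            Map.of("administrator", "Keith", "operator", "Jacky");

    // Roles held by each principal (constructed); consulted by isCallerInRole.
    static final Map<String, Set<String>> ROLES_OF = Map.of(
            "Jacky", Set.of("operator"),
            "Keith", Set.of("administrator"),
            "client", Set.of("user"));

    /** One enterprise bean: its name, optional run-as role (null if none), and the bean it calls next. */
    record Bean(String name, String runAsRole, Bean downstream) {}

    /** What a bean's EJBContext would report during one invocation. */
    record Observation(String bean, String callerPrincipal, Set<String> callerRoles) {
        boolean isCallerInRole(String role) {
            return callerRoles.contains(role);
        }
        @Override
        public String toString() {
            return bean + ": getCallerPrincipal()=" + callerPrincipal + " callerRoles=" + callerRoles;
        }
    }

    /**
     * Invoke `bean` on behalf of `callerPrincipal` and record what each bean in
     * the chain observes. Each bean sees the identity that invoked it; if the
     * bean declares run-as, the identity carried to its downstream call is the
     * run-as principal, otherwise the caller's identity is passed through.
     */
    static List<Observation> invoke(String callerPrincipal, Bean bean) {
        List<Observation> trace = new ArrayList<>();
        Bean current = bean;
        String caller = callerPrincipal;
        while (current != null) {
            trace.add(new Observation(current.name(), caller,
                    ROLES_OF.getOrDefault(caller, Set.of())));
            // Identity under which this bean's own outbound calls are made.
            caller = current.runAsRole() == null
                    ? caller
                    : RUN_AS_PRINCIPAL.get(current.runAsRole());
            current = current.downstream();
        }
        return trace;
    }

    public static void main(String[] args) {
        // Keith's scenario: a client running as Jacky calls AdminBean, which
        // declares run-as administrator (mapped to Keith) and calls AuditBean.
        Bean audit = new Bean("AuditBean", null, null);
        Bean admin = new Bean("AdminBean", "administrator", audit);

        List<Observation> trace = invoke("Jacky", admin);
        trace.forEach(System.out::println);

        Observation inAdmin = trace.get(0);
        System.out.println("AdminBean.isCallerInRole(\"operator\") = "
                + inAdmin.isCallerInRole("operator"));
        System.out.println("AdminBean.isCallerInRole(\"administrator\") = "
                + inAdmin.isCallerInRole("administrator"));
    }
}
```

The point for an authorization check is that run-as never elevates the bean's own view of its caller: a method in AdminBean that guards itself with isCallerInRole("administrator") is still deciding on the original client's roles, and only the beans AdminBean calls see the administrator identity. Run with `java RunAsDemo.java` on Java 16 or later (records are used).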
 