File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

ejb security problem with isCallerInRole()

 
mohan dodderi
Ranch Hand
Posts: 69
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
hi
i am mohandodderi, i am trying to execute the ejb security example . i am checking for security role(isCallerInRole) but it is returning FALSE .
code is written like this ..pls tell me what is the wrong with this code


IN DEPLOYMENT DESCRIPTER


<entity>
<description/>
<display-name>ADDRESSEJB</display-name>
<ejb-name>ADDRESSEJB</ejb-name>
<home>com.emarg.vitalweb.entity.ADDRESS.ejb.ADDRESSHome</home>
<remote>com.emarg.vitalweb.entity.ADDRESS.ejb.ADDRESS</remote>
<local-home>com.emarg.vitalweb.entity.ADDRESS.ejb.ADDRESSLocalHome</local-home>
<local>com.emarg.vitalweb.entity.ADDRESS.ejb.ADDRESSLocal</local>
<ejb-class>com.emarg.vitalweb.entity.ADDRESS.ejb.ADDRESSBean</ejb-class>
<persistence-type>Bean</persistence-type>
<prim-key-class>com.emarg.vitalweb.entity.ADDRESS.ejb.ADDRESSPK</prim-key-class>
<reentrant>False</reentrant>
<security-role-ref>
<description>
This security role should be assigned to the
employees of the payroll department who are
allowed to update employees� salaries.
</description>
<role-name>location</role-name>
<role-link>location-department</role-link>
</security-role-ref>

<resource-ref>
<res-ref-name>SQLServerPool</res-ref-name>
<res-type>javax.sql.DataSource</res-type>
<res-auth>Container</res-auth>
</resource-ref>
</entity>


<assembly-descriptor>
<security-role>
<description>This role includes the employees of the
enterprise who are allowed to access the
employee self-service application. This role
is allowed only to access his/her owninformation.
</description>
<role-name>location-department</role-name>
</security-role>


<method-permission>
<role-name>location-department</role-name>
<method>
<ejb-name>ADDRESSEJB</ejb-name>
<method-name>data</method-name>
</method>
</method-permission>

</assembly-descriptor>




method implementation in entitybean is as fallows



public void data()
{
EJBObject obj = ctx.getEJBObject();
if(ctx.isCallerInRole("location"))
{
System.out.println(" true ");
}
else
{
System.out.println(" false ");
}
}


it is helpfull if u give clue to me

regards
Mohandodderi
 
Rahul Mishra
Ranch Hand
Posts: 211
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

You need to associate the user with this particular role.

This is something which is done by the Deployer and would not be a part of this xml.

You need to check this in your security policy file. Typically when you get authenticated into the system much before accessing the EJB's ..your principal should be associated with the role. I think this isn't an EJB issue..may be some veterans can comment as well
 
Frederic Esnault
Ranch Hand
Posts: 284
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

I'm not a veteran but I think Rahul is right.

Before your security works, you must associate a security realm to your application, and in this security realm, create a login/password/role for your user.

After, when you login in your application, your Principal will be associated with the role you specify in the security realm.

Up to you to match the security role in the ejb-jar.xml and the role in your security realm, then match the role-link to the role-name (this you did), and you should get a nice "true" answer
 
Consider Paul's rocket mass heater.
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic