File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes EJB Certification (SCBCD/OCPJBCD) and the fly likes ejb security problem   with  isCallerInRole() Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Certification » EJB Certification (SCBCD/OCPJBCD)
Bookmark "ejb security problem   with  isCallerInRole()" Watch "ejb security problem   with  isCallerInRole()" New topic

ejb security problem with isCallerInRole()

mohan dodderi
Ranch Hand

Joined: Aug 23, 2004
Posts: 69
i am mohandodderi, i am trying to execute the ejb security example . i am checking for security role(isCallerInRole) but it is returning FALSE .
code is written like this ..pls tell me what is the wrong with this code


This security role should be assigned to the
employees of the payroll department who are
allowed to update employees� salaries.


<description>This role includes the employees of the
enterprise who are allowed to access the
employee self-service application. This role
is allowed only to access his/her owninformation.



method implementation in entitybean is as fallows

public void data()
EJBObject obj = ctx.getEJBObject();
System.out.println(" true ");
System.out.println(" false ");

it is helpfull if u give clue to me

Rahul Mishra
Ranch Hand

Joined: Jan 22, 2006
Posts: 211

You need to associate the user with this particular role.

This is something which is done by the Deployer and would not be a part of this xml.

You need to check this in your security policy file. Typically when you get authenticated into the system much before accessing the EJB's ..your principal should be associated with the role. I think this isn't an EJB issue..may be some veterans can comment as well

My SCEA experience:
Frederic Esnault
Ranch Hand

Joined: Feb 13, 2006
Posts: 284

I'm not a veteran but I think Rahul is right.

Before your security works, you must associate a security realm to your application, and in this security realm, create a login/password/role for your user.

After, when you login in your application, your Principal will be associated with the role you specify in the security realm.

Up to you to match the security role in the ejb-jar.xml and the role in your security realm, then match the role-link to the role-name (this you did), and you should get a nice "true" answer

SCJP 5 - SCWCD 1.4 - SCBCD 1.3 - Certification study documents/resources:
I agree. Here's the link:
subject: ejb security problem with isCallerInRole()
It's not a secret anymore!