aspose file tools*
The moose likes EJB Certification (SCBCD/OCPJBCD) and the fly likes ejb security problem   with  isCallerInRole() Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Certification » EJB Certification (SCBCD/OCPJBCD)
Bookmark "ejb security problem   with  isCallerInRole()" Watch "ejb security problem   with  isCallerInRole()" New topic
Author

ejb security problem with isCallerInRole()

mohan dodderi
Ranch Hand

Joined: Aug 23, 2004
Posts: 69
hi
i am mohandodderi, i am trying to execute the ejb security example . i am checking for security role(isCallerInRole) but it is returning FALSE .
code is written like this ..pls tell me what is the wrong with this code


IN DEPLOYMENT DESCRIPTER


<entity>
<description/>
<display-name>ADDRESSEJB</display-name>
<ejb-name>ADDRESSEJB</ejb-name>
<home>com.emarg.vitalweb.entity.ADDRESS.ejb.ADDRESSHome</home>
<remote>com.emarg.vitalweb.entity.ADDRESS.ejb.ADDRESS</remote>
<local-home>com.emarg.vitalweb.entity.ADDRESS.ejb.ADDRESSLocalHome</local-home>
<local>com.emarg.vitalweb.entity.ADDRESS.ejb.ADDRESSLocal</local>
<ejb-class>com.emarg.vitalweb.entity.ADDRESS.ejb.ADDRESSBean</ejb-class>
<persistence-type>Bean</persistence-type>
<prim-key-class>com.emarg.vitalweb.entity.ADDRESS.ejb.ADDRESSPK</prim-key-class>
<reentrant>False</reentrant>
<security-role-ref>
<description>
This security role should be assigned to the
employees of the payroll department who are
allowed to update employees� salaries.
</description>
<role-name>location</role-name>
<role-link>location-department</role-link>
</security-role-ref>

<resource-ref>
<res-ref-name>SQLServerPool</res-ref-name>
<res-type>javax.sql.DataSource</res-type>
<res-auth>Container</res-auth>
</resource-ref>
</entity>


<assembly-descriptor>
<security-role>
<description>This role includes the employees of the
enterprise who are allowed to access the
employee self-service application. This role
is allowed only to access his/her owninformation.
</description>
<role-name>location-department</role-name>
</security-role>


<method-permission>
<role-name>location-department</role-name>
<method>
<ejb-name>ADDRESSEJB</ejb-name>
<method-name>data</method-name>
</method>
</method-permission>

</assembly-descriptor>




method implementation in entitybean is as fallows



public void data()
{
EJBObject obj = ctx.getEJBObject();
if(ctx.isCallerInRole("location"))
{
System.out.println(" true ");
}
else
{
System.out.println(" false ");
}
}


it is helpfull if u give clue to me

regards
Mohandodderi
Rahul Mishra
Ranch Hand

Joined: Jan 22, 2006
Posts: 211
Hi,

You need to associate the user with this particular role.

This is something which is done by the Deployer and would not be a part of this xml.

You need to check this in your security policy file. Typically when you get authenticated into the system much before accessing the EJB's ..your principal should be associated with the role. I think this isn't an EJB issue..may be some veterans can comment as well


OCMJEA/SCEA, SCDJWS, SCBCD 1.3, SCJP 1.4
My SCEA experience:http://javalogue.blogspot.com/
Frederic Esnault
Ranch Hand

Joined: Feb 13, 2006
Posts: 284
Hi,

I'm not a veteran but I think Rahul is right.

Before your security works, you must associate a security realm to your application, and in this security realm, create a login/password/role for your user.

After, when you login in your application, your Principal will be associated with the role you specify in the security realm.

Up to you to match the security role in the ejb-jar.xml and the role in your security realm, then match the role-link to the role-name (this you did), and you should get a nice "true" answer


SCJP 5 - SCWCD 1.4 - SCBCD 1.3 - Certification study documents/resources: http://esnault.frederic.free.fr/certification
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: ejb security problem with isCallerInRole()