my dog learned polymorphism
The moose likes EJB Certification (SCBCD/OCPJBCD) and the fly likes Am I missing something??? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Certification » EJB Certification (SCBCD/OCPJBCD)
Bookmark "Am I missing something???" Watch "Am I missing something???" New topic

Am I missing something???

Vijay Govind

Joined: Oct 18, 2006
Posts: 27

From a message driven bean, I make a call to a session bean. The caller of the MDB as you know is the container and in the called session bean if I make a call to the method like getCallerPrincipal() on the Session bean's context what will be the result? How can I access restrict such a call from MDB as container propably wont fit into any of the roles.

Thanks and please relieve me of this confusion.
Hafizur Rahman
Ranch Hand

Joined: Sep 05, 2002
Posts: 98
Probably you will get an UNAUTHORIZED user principal (container implementation specific thing).

SCJP 2(94%), SCBCD 5.0(86%), SCDJWS(86%), SCEA 5 (I-73%, II/III-88%)
The illiterate of the 21st century will not be those who cannot read and write, but those who cannot learn, unlearn, and relearn. - Alvin Toffler
Ajay Natarajan

Joined: Oct 24, 2004
Posts: 9
you can use the security-identity flag and let the MDB run-as a defined role. You can also use the unchecked flag on the SB's methods.

SCJP 1.4, SCBCD 1.3, SCWCD 1.4, SCDJWS 5.0
Vijay Govind

Joined: Oct 18, 2006
Posts: 27
Thanks Ajay. But I dont think your answers are related to my question and I my question is about restricting and not about allowing.
Edvins Reisons
Ranch Hand

Joined: Dec 11, 2006
Posts: 364
my feeling is that you are not supposed to put security restrictions on the container
Vijay Govind

Joined: Oct 18, 2006
Posts: 27
Hmmm...That might be it....Thanks a lot.
Lawrence Johnbosco

Joined: Dec 03, 2006
Posts: 21

Just an idea.. If you don't want the MDB to invoke the Session bean, it means you are expecting only a certain roles to access the Session bean, In that scenario, you can specify the @RolesAllowed annotation in the Session Bean to enumerate the allowed application specific roles -- this will restrict the "anonymous" calls from the MDB.

Will that help..

Regards..Lawrence J
I agree. Here's the link:
subject: Am I missing something???
It's not a secret anymore!