aspose file tools
The moose likes EJB Certification (SCBCD/OCPJBCD) and the fly likes Am I missing something??? Big Moose Saloon
  Search | Java FAQ | Recent Topics
Register / Login


Win a copy of The Mikado Method this week in the Agile and other Processes forum!
JavaRanch » Java Forums » Certification » EJB Certification (SCBCD/OCPJBCD)
Reply Bookmark "Am I missing something???" Watch "Am I missing something???" New topic
Author

Am I missing something???

Vijay Govind
Greenhorn

Joined: Oct 18, 2006
Posts: 27
posted private message
0
Quote
Folks

From a message driven bean, I make a call to a session bean. The caller of the MDB as you know is the container and in the called session bean if I make a call to the method like getCallerPrincipal() on the Session bean's context what will be the result? How can I access restrict such a call from MDB as container propably wont fit into any of the roles.

Thanks and please relieve me of this confusion.
Vijay.
Hafizur Rahman
Ranch Hand

Joined: Sep 05, 2002
Posts: 98
posted private message
0
Quote
Probably you will get an UNAUTHORIZED user principal (container implementation specific thing).

SCJP 2(94%), SCBCD 5.0(86%), SCDJWS(86%), SCEA 5 (I-73%, II/III-88%)
The illiterate of the 21st century will not be those who cannot read and write, but those who cannot learn, unlearn, and relearn. - Alvin Toffler
Ajay Natarajan
Greenhorn

Joined: Oct 24, 2004
Posts: 9
posted private message
0
Quote
you can use the security-identity flag and let the MDB run-as a defined role. You can also use the unchecked flag on the SB's methods.

SCJP 1.4, SCBCD 1.3, SCWCD 1.4, SCDJWS 5.0
Vijay Govind
Greenhorn

Joined: Oct 18, 2006
Posts: 27
posted private message
0
Quote
Thanks Ajay. But I dont think your answers are related to my question and I my question is about restricting and not about allowing.
Edvins Reisons
Ranch Hand

Joined: Dec 11, 2006
Posts: 364
posted private message
0
Quote
my feeling is that you are not supposed to put security restrictions on the container
Vijay Govind
Greenhorn

Joined: Oct 18, 2006
Posts: 27
posted private message
0
Quote
Hmmm...That might be it....Thanks a lot.
Lawrence Johnbosco
Greenhorn

Joined: Dec 03, 2006
Posts: 21
posted private message
0
Quote
Hi,

Just an idea.. If you don't want the MDB to invoke the Session bean, it means you are expecting only a certain roles to access the Session bean, In that scenario, you can specify the @RolesAllowed annotation in the Session Bean to enumerate the allowed application specific roles -- this will restrict the "anonymous" calls from the MDB.

Will that help..


Regards..Lawrence J
 
I agree. Here's the link: http://zeroturnaround.com/jrebel - it saves me about five hours per week
 
subject: Am I missing something???
 
Similar Threads
MDB and Stateless session bean combination
Method call on session bean
a MDB question
jboss not able to run BMP Bean
MDB + Entity Bean / MDB + SB + EB