This week's book giveaway is in the Servlets forum.
We're giving away four copies of Murach's Java Servlets and JSP and have Joel Murach on-line!
See this thread for details.
The moose likes EJB Certification (SCBCD/OCPJBCD) and the fly likes Am I missing something??? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Certification » EJB Certification (SCBCD/OCPJBCD)
Bookmark "Am I missing something???" Watch "Am I missing something???" New topic
Author

Am I missing something???

Vijay Govind
Greenhorn

Joined: Oct 18, 2006
Posts: 27
Folks

From a message driven bean, I make a call to a session bean. The caller of the MDB as you know is the container and in the called session bean if I make a call to the method like getCallerPrincipal() on the Session bean's context what will be the result? How can I access restrict such a call from MDB as container propably wont fit into any of the roles.

Thanks and please relieve me of this confusion.
Vijay.
Hafizur Rahman
Ranch Hand

Joined: Sep 05, 2002
Posts: 98
Probably you will get an UNAUTHORIZED user principal (container implementation specific thing).


SCJP 2(94%), SCBCD 5.0(86%), SCDJWS(86%), SCEA 5 (I-73%, II/III-88%)
The illiterate of the 21st century will not be those who cannot read and write, but those who cannot learn, unlearn, and relearn. - Alvin Toffler
Ajay Natarajan
Greenhorn

Joined: Oct 24, 2004
Posts: 9
you can use the security-identity flag and let the MDB run-as a defined role. You can also use the unchecked flag on the SB's methods.


SCJP 1.4, SCBCD 1.3, SCWCD 1.4, SCDJWS 5.0
Vijay Govind
Greenhorn

Joined: Oct 18, 2006
Posts: 27
Thanks Ajay. But I dont think your answers are related to my question and I my question is about restricting and not about allowing.
Edvins Reisons
Ranch Hand

Joined: Dec 11, 2006
Posts: 364
my feeling is that you are not supposed to put security restrictions on the container
Vijay Govind
Greenhorn

Joined: Oct 18, 2006
Posts: 27
Hmmm...That might be it....Thanks a lot.
Lawrence Johnbosco
Greenhorn

Joined: Dec 03, 2006
Posts: 21
Hi,

Just an idea.. If you don't want the MDB to invoke the Session bean, it means you are expecting only a certain roles to access the Session bean, In that scenario, you can specify the @RolesAllowed annotation in the Session Bean to enumerate the allowed application specific roles -- this will restrict the "anonymous" calls from the MDB.

Will that help..


Regards..Lawrence J
 
It is sorta covered in the JavaRanch Style Guide.
 
subject: Am I missing something???
 
Similar Threads
MDB and Stateless session bean combination
Method call on session bean
MDB + Entity Bean / MDB + SB + EB
a MDB question
jboss not able to run BMP Bean