• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Security question

 
Steven Colley
Ranch Hand
Posts: 290
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Folks, could you please help me with this question :

"If the <run-as> security identity specifies a principal other than the caller of the enterprise bean , the method tests the principal that represents the one given by the <runs-as> identity." - FALSE.

- Explanation: " The isCallerInRole(roleString) tests the principal that represents the actual caller of the enterprise bean , not the principal that corresponds to the <run-as> security identity for the bean, if any."


Tks so much!!!
 
Awishek sinha
Ranch Hand
Posts: 62
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by Felipe Pittella:
Hi Folks, could you please help me with this question :

"If the <run-as> security identity specifies a principal other than the caller of the enterprise bean , the method tests the principal that represents the one given by the <runs-as> identity." - FALSE.

- Explanation: " The isCallerInRole(roleString) tests the principal that represents the actual caller of the enterprise bean , not the principal that corresponds to the <run-as> security identity for the bean, if any."


Tks so much!!!



Hi Felipe
I think with <run-as> is the additional priviledge given to an bean .(not to a role ) as it needs to acess other bean method which may require greater access control .
so any Principal with the some roles call this bean method which in turn call another bean method then only the principal will get assigned this additional role so isCallerInRole(..) tests the principal that represents the actual caller of the enterprise bean . Hope it helps..
Thanks
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic