aspose file tools*
The moose likes EJB and other Java EE Technologies and the fly likes [EJB 3 in Action] Programmatic security and interceptors Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » EJB and other Java EE Technologies
Bookmark "[EJB 3 in Action] Programmatic security and interceptors" Watch "[EJB 3 in Action] Programmatic security and interceptors" New topic
Author

[EJB 3 in Action] Programmatic security and interceptors

Raf Szczypiorski
Ranch Hand

Joined: Aug 21, 2008
Posts: 383
Hi. On page 213, listing 6.7, there is a snippet:

Is this a bug or am I missing something - such method (getEJBContext()) doesn't exist in InvocationContext.

Moreover, when I inject EJBContext, isCallerInRole() returns false even though the user that invoked the bean, that in turn invoked the interceptor, really belongs to the role in question.
I do not to crosspost, so please see a specific post about this here:
http://forums.java.net/jive/thread.jspa?threadID=53410&tstart=0

I am using Glassfish V2 update 2.
Thanks.
[ November 14, 2008: Message edited by: Raf Szczypiorski ]
Reza Rahman
author
Ranch Hand

Joined: Feb 01, 2005
Posts: 580
    
    5
Raf,

Yep, it's a bug. It's in our errata already: http://www.manning.com/panda/. The getEJBContext() got removed from the final Java EE 5 API in favor of injecting the EJB context.

The error is weird though. Have you tried getting the principal? What does that get you?

Regards,
Reza

P.S.: Feel free to use the Manning Author Online forum for EJB 3 in Action for questions very specific to the book. That way, Debu can help too :-)


Independent Consultant — Author, EJB 3 in Action — Expert Group Member, Java EE 6 and EJB 3.1
Raf Szczypiorski
Ranch Hand

Joined: Aug 21, 2008
Posts: 383
I looked for the bug in the errata, couldn't find it. sorry to bring it up again.
The getUserPrincipal() works fine - it returns the username as expected.
Reza Rahman
author
Ranch Hand

Joined: Feb 01, 2005
Posts: 580
    
    5
Raf,

OK...I'll follow up again. I certainly remember forwarding this one to Manning...

As to the issue you are having, it might be some kind of role mapping problem. I'd try to debug the principal to see what's in it...the scenario you are mentioning is not that unusual and should work.

Regards,
Reza
Raf Szczypiorski
Ranch Hand

Joined: Aug 21, 2008
Posts: 383
Hi Reza,

I did some tests, and the results are:
* when a bean is invoked directly from a servlet, and it has an interceptor, the isCallerInRole() in that interceptor fails
* when a bean is called from another bean, and it has the same interceptor, the call succeeds as expected

So, when the interceptor is called in a "web context", it fails, and when it is called in "ejb context", it behaves right.

Should this happen, or maybe this is a bug in glassfish?

Anyone interested and capable of helping with this, please follow the link I gave to glassfish forums, the topic there has been updated and contains sources, built ear file and some debugging of glassfish internals description.
Manjula Weerasinghe
Greenhorn

Joined: Mar 15, 2010
Posts: 25

Hi Reza,

Errata for EJB 3 in action (http://www.manning.com/panda/excerpt_errata.html) book still does not show details about this error. I think it would be a great help for everyone who study this book if you can add this error to the errata.

Thanks & Regards,
Manjula


OCPJP 6, OCE JEE 6 JSP and Servlet Developer
 
jQuery in Action, 2nd edition
 
subject: [EJB 3 in Action] Programmatic security and interceptors