
@RunAS

 
Deepika Joshi
Ranch Hand
Posts: 268
EJB3 In Action
page 210

Using @RunAs, we can temporarily assign a (CSR) role an (Admin) role so that the statistics-tracking EJB thinks an admin is invoking the method

@RunAs(ADMIN)
@RolesAllowed(CSR)
public void cancelBid(Bid bid, Item item) {
}

I am a bit confused here: RolesAllowed is CSR, so CSR can run this method (then why do I need to use the RunAs annotation?).

 
Remko Strating
Ranch Hand
Posts: 893
It does mean that the role CSR is allowed to run this class as if it had the role Admin.
 
Deepika Joshi
Ranch Hand
Posts: 268
Remko,

Thanks for the reply, but I did not understand the message. Can you please explain (a few more words please)...

This is an example of declarative security, so I do not think the code of this method would check the role of the user,
and the role matters only at access of the method.
@RolesAllowed(CSR): does it not mean that CSR is allowed to access this method? What is achieved by running this method as ADMIN?

Thanks....
 
Christophe Verré
Sheriff
Posts: 14691
"I am a bit confused here, RolesAllowed is CSR, so CSR can run this method"

That's right.

"then why I need to use RunAs annotation"

If you don't, this bean will be seen as being a CSR. If it tries to call a method from another bean which is restricted to ADMIN, it will fail. To avoid this, @RunAs can be used to tell the other bean that the caller is actually using the ADMIN role. You can imagine the bean wearing a CSR cap, and putting an ADMIN cap over it.
 
Deepika Joshi
Ranch Hand
Posts: 268
thanks a lot for answering the question....

 
Hong Anderson
Ranch Hand
Posts: 1936
By the way, the code is wrong, from errata:
Page 192 - Chapter 6 - 12th line from the top

REQUIRED_NEW should be REQUIRES_NEW

Change:
... @RunAs("ADMIN")
@RolesAllowed("CSR")
public void cancelBid(Bid bid, Item item) {...}
...
To:
... @RunAs("ADMIN")
@RolesAllowed("CSR")
public class BidManagerBean implements BidManager {
    public void cancelBid(Bid bid, Item item) {...}
}
...

http://www.manning.com/panda/excerpt_errata.html
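
The two checks discussed in this thread, side by side, as an added example that is not from the book or from any poster: @RolesAllowed decides who may call into the bean, and the class-level @RunAs sets the role its outbound calls carry. StatisticsTracker, StatisticsTrackerBean and recordCancellation are hypothetical names; Bid, Item and the BidManager interface are assumed to exist as in the book, and each type goes in its own file deployed to an EJB 3 container.

```java
import java.util.logging.Logger;
import javax.annotation.Resource;
import javax.annotation.security.DeclareRoles;
import javax.annotation.security.RolesAllowed;
import javax.annotation.security.RunAs;
import javax.ejb.EJB;
import javax.ejb.Local;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;

// --- StatisticsTracker.java (hypothetical) ---
@Local
public interface StatisticsTracker {
    void recordCancellation(Bid bid);
}

// --- StatisticsTrackerBean.java (hypothetical) ---
@Stateless
public class StatisticsTrackerBean implements StatisticsTracker {
    @RolesAllowed("ADMIN") // the container rejects any calling identity without ADMIN
    public void recordCancellation(Bid bid) {
        // update the statistics here
    }
}

// --- BidManagerBean.java ---
@Stateless
@DeclareRoles({"CSR", "ADMIN"}) // roles referenced by isCallerInRole below
@RunAs("ADMIN")                 // class-level: role carried by calls this bean makes
public class BidManagerBean implements BidManager {
    private static final Logger LOG = Logger.getLogger("BidManagerBean");

    @Resource private SessionContext ctx;
    @EJB private StatisticsTracker tracker;

    @RolesAllowed("CSR") // inbound check, evaluated against the real caller
    public void cancelBid(Bid bid, Item item) {
        // @RunAs does not change how this bean sees its own caller:
        // for a user who holds only CSR, the second value logged is false.
        LOG.info("caller CSR=" + ctx.isCallerInRole("CSR")
                + " ADMIN=" + ctx.isCallerInRole("ADMIN"));

        // The outbound call carries ADMIN. Without @RunAs it would carry the
        // caller's CSR identity and fail with javax.ejb.EJBAccessException.
        tracker.recordCancellation(bid);
    }
}
```

Because every CSR caller reaches ADMIN-only beans through this one, the methods it invokes under the run-as role are effectively granted to CSR and should be kept as few as the task needs.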
 