
Security - Principal & run-as-identity

 
Deepika Joshi
Ranch Hand
Posts: 268
Source - One of the choices of a question from Whizlab.


Method getCallerPrincipal returns the principal that represents the caller of the EJB, which is the same as the principal that corresponds to the run-as-security identity of the bean, if it exists.
FALSE

Reason
It is not mandatory that the principal that corresponds to the run-as-identity for the bean should be the same as the principal that represents the caller of the bean.

Can someone please add a few more words to the reason? It is a bit hard for me to understand.

Thanks.
 
Ralph Jaus
Ranch Hand
Posts: 342
It is not mandatory that the principal that corresponds to the run-as-identity for the bean should be the same as the principal that represents the caller of the bean.

In fact, the only reason for using a run-as-identity is to perform subsequent bean invocations under a new principal / security role.

You may have a look at the code example in the following link: The principal that represents the caller of ABean has role "Guest" (at least if he should be allowed to invoke aMethod) while the run-as-identity corresponds to a principal with role "Admin".
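
An added sketch of the Guest/Admin situation described in this reply (not the code behind the missing link and not part of the original posts). The names A, B, BBean and bMethod are assumptions, the beans need an EJB 3 container to run, and which user the container maps to the "Admin" run-as role is vendor-specific configuration.

```java
// Constructed example; each top-level type goes in its own .java file.
import javax.annotation.Resource;
import javax.annotation.security.DeclareRoles;
import javax.annotation.security.RolesAllowed;
import javax.annotation.security.RunAs;
import javax.ejb.EJB;
import javax.ejb.Local;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;

@Local
public interface A { String aMethod(); }   // hypothetical business interface

@Local
public interface B { String bMethod(); }   // hypothetical business interface

@Stateless
@DeclareRoles({"Guest", "Admin"})
@RunAs("Admin")                 // identity used for the calls this bean makes
public class ABean implements A {
    @Resource private SessionContext ctx;
    @EJB private B b;

    @RolesAllowed("Guest")      // checked against the real caller of ABean
    public String aMethod() {
        // Still the original caller: @RunAs does not change who called ABean.
        String callerOfA = ctx.getCallerPrincipal().getName();
        // Evaluated against the caller too, so false for a Guest-only user.
        boolean callerIsAdmin = ctx.isCallerInRole("Admin");
        return "A sees " + callerOfA + " (Admin? " + callerIsAdmin + "); "
                + b.bMethod();  // this call is propagated as "Admin"
    }
}

@Stateless
public class BBean implements B {
    @Resource private SessionContext ctx;

    @RolesAllowed("Admin")      // satisfied by ABean's run-as identity
    public String bMethod() {
        // The principal the container maps to the run-as role "Admin",
        // not the Guest user who invoked ABean.aMethod().
        return "B sees " + ctx.getCallerPrincipal().getName();
    }
}
```

Because BBean authorizes the run-as role rather than the end user, every method of ABean that reaches it acts as a privilege boundary and needs its own `@RolesAllowed` check.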
 
Deepika Joshi
Ranch Hand
Posts: 268
Sorry it's my mistake, I forgot the first rule of cert preparation.
"Read options carefully."

run-as-identity is @RunAs; I did not read and apply my mind carefully.

Thanks a lot for replying.
 