File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes EJB and other Java EE Technologies and the fly likes MDB: problem using group as principal name when using @RunAs annotation Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » EJB and other Java EE Technologies
Bookmark "MDB: problem using group as principal name when using @RunAs annotation " Watch "MDB: problem using group as principal name when using @RunAs annotation " New topic
Author

MDB: problem using group as principal name when using @RunAs annotation

sriram puvvada
Greenhorn

Joined: Nov 19, 2006
Posts: 1
I am having a problem using group name as principal name when using @RunAs annotation in a message driven bean. I am not able to deploy the MDB.
I would like the code in my onMessage() method to be executed with a specific role/user, so I want to use the @RunAs annotation to achieve this.

I am running weblogic 10.3.5
I have created the following in weblogic console:
- Group "SampleGroup"
- User "SampleUser", member of "SampleGroup"

The MDB:


The ejb-jar.xml file:
<?xml version="1.0" encoding="UTF-8"?>
<ejb-jar xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/ejb-jar_3_0.xsd"
version="3.0">
<assembly-descriptor>
<security-role>
<description>
Sample Role.
</description>
<role-name>SampleRole</role-name>
</security-role>
</assembly-descriptor>
</ejb-jar>

The weblogic-ejb-jar.xml file:
<weblogic-ejb-jar xmlns="http://www.bea.com/ns/weblogic/10.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.bea.com/ns/weblogic/10.0 http://www.bea.com/ns/weblogic/10.0/weblogic-ejb-jar.xsd">
<security-role-assignment>
<role-name>SampleRole</role-name>
<principal-name>SampleGroup</principal-name>
</security-role-assignment>
</weblogic-ejb-jar>


when I try to deploy the MDB jar in weblogic , the following error is thrown:

Unable to deploy EJB: UIMAdapterMessageDrivenBean from UIMCartridgeManagementAdapterEJB.jar:
The run-as security principal, 'SampleGroup', chosen for the EJB 'UIMAdapterMessageDrivenBean(Application: inventory-adapter, EJBComponent: UIMCartridgeManagementAdapterEJB.jar)' is not a valid user principal in the current security realm. Please specify a valid user principal for the EJB to use.


Instead of group name as principal name if I provide the user "SampleUser", every thing works fine and MDB works fine.

when we use run-as should the security principal always be user rather than a group. In that case how can I allow a certain group with a particular role execute onmessage.

rather than annotation I even tried using run-as attribute in the ejb-jar.xml , i.e

++<message-driven>++
++<ejb-name>UIMAdapterMessageDrivenBean</ejb-name>++
++<ejb-class>oracle.communications.inventory.cartridgemanagement.adapter.UIMAdapterMessageDrivenBean</ejb-class>++
++<transaction-type>Container</transaction-type>++
++<message-destination-type>javax.jms.Queue</message-destination-type>++
++<security-identity>++
++<run-as>++
++<role-name>SampleRole</role-name>++
++</run-as>++
++</security-identity>++
++</message-driven>++

but it doesn't make any difference. any help or pointer is appreciated
 
Consider Paul's rocket mass heater.
 
subject: MDB: problem using group as principal name when using @RunAs annotation
 
Similar Threads
JTA Transaction time out Vs EJB Timeout
SessionContext#isCallerInRole(-) /w <security-role> but /wo @DeclareRoles
error with weblogic-ejb-jar.xml, please help URGENT
EJB Security Access
Message Driven Bean security problems