Let's have 2 stateless session beans A and B. Also, there is a servlet which invokes a method on Bean A, which further invokes a method on Bean B. Consider the following snippets of code and DD.
SessionBean A :
Session Bean B :
this is my web.xml
In the GlassFish security realm/domain I have created a group named test with 2 users, namely ammu and anuj. In the DD above I have mapped the role guest to this group name test. Also, I have a role admin mapped to principal guru. Now when I invoke my servlet I get the following exception:
However, if I don't use the <group-name> tag in <security-role-mapping> and instead use <principal-name>, then it works fine.
What I was testing is how RunAs works. Specifically, say I specify @RunAs("guest") on session bean A. Now let's say there is more than one principal/user with the role guest (for that I created a group). Now when we invoke a method of SessionBean A it will run as identity guest (no matter what the role of the original caller was when we invoked the servlet), and the same identity will be passed on to SessionBean B. Now I wanted to check in session bean B what SessionContext.getCallerPrincipal().getName() returns, since there are 2 principals with role guest.
Maybe I am missing something, but how do you authenticate to the web application? (I don't see an <auth-constraint> and also no <login-config> element.)
Now I wanted to check in session bean B what SessionContext.getCallerPrincipal().getName() returns, since there are 2 principals with role guest?
The Principal's name is not changed; it will be the name that was given when authentication took place. The role name, however, will be different (you can verify this with boolean isCallerInRole(java.lang.String roleName)).
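
A probe for the question discussed in this thread, as an added example that is not code from either poster: bean A carries @RunAs("guest") and bean B reports what getCallerPrincipal() and isCallerInRole() return, so the propagated identity can be read from the servlet response or the server log. The class and method names are hypothetical, and it assumes EJB 3.1 no-interface views with the javax.* packages; the role-to-principal or role-to-group mapping stays in the GlassFish descriptor.

```java
// BeanB.java (hypothetical name): reports the identity it sees on each call
import javax.annotation.Resource;
import javax.annotation.security.DeclareRoles;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;

@Stateless
@DeclareRoles({"guest", "admin"})   // role names from the question; required for isCallerInRole
public class BeanB {
    @Resource
    private SessionContext ctx;

    public String whoCalledMe() {
        // Name of the principal the container associated with this call,
        // plus the role checks suggested in the reply above.
        return "principal=" + ctx.getCallerPrincipal().getName()
             + " guest=" + ctx.isCallerInRole("guest")
             + " admin=" + ctx.isCallerInRole("admin");
    }
}

// BeanA.java (hypothetical name): calls it makes to other beans use the run-as role
import javax.annotation.Resource;
import javax.annotation.security.DeclareRoles;
import javax.annotation.security.RunAs;
import javax.ejb.EJB;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;

@Stateless
@DeclareRoles({"guest", "admin"})
@RunAs("guest")
public class BeanA {
    @Resource
    private SessionContext ctx;
    @EJB
    private BeanB beanB;

    public String callB() {
        // @RunAs applies to calls A makes, not to what A sees about its own caller,
        // so both views are returned side by side for comparison.
        String seenByA = "principal=" + ctx.getCallerPrincipal().getName();
        return "A sees: " + seenByA + " | B sees: " + beanB.whoCalledMe();
    }
}
```

Have the servlet write the string returned by callB() to the response, then repeat the call with the <principal-name> mapping and with the <group-name> mapping to compare what bean B reports.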