aspose file tools*
The moose likes EJB Certification (SCBCD/OCPJBCD) and the fly likes query about RunAs annotation ? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Spring in Action this week in the Spring forum!
JavaRanch » Java Forums » Certification » EJB Certification (SCBCD/OCPJBCD)
Bookmark "query about RunAs annotation ?" Watch "query about RunAs annotation ?" New topic
Author

query about RunAs annotation ?

gurpeet singh
Ranch Hand

Joined: Apr 04, 2012
Posts: 924
    
    1

Lets have 2 stateless session beans A and B. also there is servlet which invokes method on Bean A which further invokes method on Bean B. consider following snippets of code and DD.

SessionBean A :



Session Bean B :





sun-web.xml DD




Servlet :



this is my web.xml





in the glassfish security realm/domain i have created a group named test with 2 users namely ammu and anuj. in the dd above i have mapped role guest to this group name test. also i have a role admin mapped to principal guru. now when i invoke my servlet i get the following exception :


|#]


however if i dont use <group-name> tag in <security-role-mapping> and instead use <principal-name> then it works fine .

what i was testing is how does RunAs works ? specifically, say i specify @RunAs("guest") on session bean A. now lets say there are more than one principal/user with role as guest(for that i created a group). now when we invoke method of SessionBean A it will run as identity guest(no matter what was the role of original caller when we invoked servlet). and the same identity will be passed on to SessionBean B. now i wanted to check in session bean B what does SessionContext.getCallerPrincipal().getName() returned, since there are 2 prinicipals with role guest. ?
Frits Walraven
Creator of Enthuware JWS+ V6
Bartender

Joined: Apr 07, 2010
Posts: 1696
    
  25

Hi!

Maybe I am missing something but how do you authenticate to the web application? (I don't see a <auth-constraint> and also no <login-config> element)

now i wanted to check in session bean B what does SessionContext.getCallerPrincipal().getName() returned, since there are 2 prinicipals with role guest. ?

The Principal's name is not changed, it will be the name that was given when authentication took place. The role name however will be different (you can verify this with boolean isCallerInRole(java.lang.String roleName)

Regards,
Frits
 
 
subject: query about RunAs annotation ?