Confusion with "run-as" security identity

 
Ranch Hand
Posts: 33
I had some questions on this:
1. When would I use this?
2. What role should be assigned to the principal that executes this method? Should it be the same as the one we specify in the <role> element?
3. Does it mean that the bean would throw an exception when executed by a Principal that does not belong to this role?
The spec also says that this does not affect the identities of the caller.
Does that mean that the caller (i.e. Principal) need not belong to the role required by run-as?
confused :-(
thanks.
 
krithika desai
Ranch Hand
Posts: 33
I think it's a little clearer now.
We can define method permissions on a bean which has "run-As" security identity specified.
But if I make a call from one of those methods to another bean, then the principal that gets propagated to the other bean is not that of the client (caller).
Page 447:
"The deployer then assigns a security principal defined in the operational environment to be used as the principal for the run-as identity"
How would I do this?
Say I have a security identity like this
run-As --> "Administrator"

And say I have 3 principals assigned to "Administrator"
sachin,
saurav,
rahul
They all are "Administrator"s
Which is the principal that gets used when executing the method?
I do understand that if I do a
getPrincipal() inside one of those methods it won't be one of these 3, but the principal (i.e. the client) that actually executed this method in the first place.
thanks again.
 
Ranch Hand
Posts: 93
I guess you should view it as follows:
The AdminBean has secured access available only to the Administrator role.
The principals get checked when you call any method of AdminBean.
All beans and resources called by the AdminBean will see only the role from <run-as>.
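
The setup discussed in this thread, written out as an EJB 2.0 `ejb-jar.xml` fragment. This is an added example, not code from any of the posters; `AuditBean`, the `Operator` role and the `com.example` class names are hypothetical, and AdminBean is opened to `Operator` callers here to show that the caller's role and the run-as role are checked independently.

```xml
<!-- Added example. AdminBean and the Administrator role come from the thread;
     AuditBean, the Operator role and the com.example names are hypothetical. -->
<ejb-jar>
  <enterprise-beans>
    <session>
      <ejb-name>AdminBean</ejb-name>
      <home>com.example.AdminHome</home>
      <remote>com.example.Admin</remote>
      <ejb-class>com.example.AdminBean</ejb-class>
      <session-type>Stateless</session-type>
      <transaction-type>Container</transaction-type>
      <!-- Identity AdminBean presents on its OUTGOING calls only. It plays no
           part in deciding who may call AdminBean. Which of several principals
           mapped to Administrator is used is picked by the deployer in the
           container's vendor-specific configuration, not in this file. -->
      <security-identity><run-as><role-name>Administrator</role-name></run-as></security-identity>
    </session>
    <session>
      <ejb-name>AuditBean</ejb-name>
      <home>com.example.AuditHome</home>
      <remote>com.example.Audit</remote>
      <ejb-class>com.example.AuditBean</ejb-class>
      <session-type>Stateless</session-type>
      <transaction-type>Container</transaction-type>
      <security-identity><use-caller-identity/></security-identity>
    </session>
  </enterprise-beans>
  <assembly-descriptor>
    <security-role><role-name>Administrator</role-name></security-role>
    <security-role><role-name>Operator</role-name></security-role>
    <!-- Incoming check on AdminBean: the caller's own roles are tested here.
         Operator callers pass although they are not in the run-as role. -->
    <method-permission>
      <role-name>Operator</role-name>
      <method><ejb-name>AdminBean</ejb-name><method-name>*</method-name></method>
    </method-permission>
    <!-- Incoming check on AuditBean: calls made by AdminBean arrive as the
         run-as principal and pass; a direct call by an Operator is refused. -->
    <method-permission>
      <role-name>Administrator</role-name>
      <method><ejb-name>AuditBean</ejb-name><method-name>*</method-name></method>
    </method-permission>
  </assembly-descriptor>
</ejb-jar>
```

Because every permitted caller of AdminBean reaches AuditBean with Administrator rights, the method permissions on the run-as bean are the only gate on that elevated access and should be kept as narrow as the bean's purpose allows.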
 