Win a copy of High Performance Python for Data Analytics this week in the Python forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Paul Clapham
  • Ron McLeod
  • Bear Bibeault
  • Liutauras Vilda
Sheriffs:
  • Jeanne Boyarsky
  • Tim Cooke
  • Junilu Lacar
Saloon Keepers:
  • Tim Moores
  • Tim Holloway
  • Stephan van Hulst
  • Jj Roberts
  • Carey Brown
Bartenders:
  • salvin francis
  • Frits Walraven
  • Piet Souris

@RunAS

 
Ranch Hand
Posts: 268
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
EJB3 In Action
page 210

Using @RunAs, we can temporarily assign a (CSR) role an (Admin) role so that the statistics-tracking EJB thinks an admin is invoking the method

@RunAS(ADMIN)
@RolesAllowed(CSR)
public void cancelBid( Bid bid, Item item){
}

I am bit confused here, RolesAllowed is CSR, so CSR can run this method (then why I need to use RunAs annotaion).

 
Ranch Hand
Posts: 893
Tomcat Server Java Ubuntu
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
It does mean that the role CSR is allowed to run this class as if it had the role Admin.
 
Deepika Joshi
Ranch Hand
Posts: 268
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Remko,

thanks for reply but I did not understand the message, can you please explain (few more words please)...

this is example of declarative security, so I do not think coding of this method would check the role of user,
and role matters only at access of method,
@RollesAllowed(CSR), does it not mean that allow CSR to access this method, what is achived by running this method as ADMIN?

thanks....
 
Sheriff
Posts: 14691
16
Eclipse IDE VI Editor Ubuntu
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

I am bit confused here, RolesAllowed is CSR, so CSR can run this method


That's right.

then why I need to use RunAs annotaion


If you don't, this bean will be seen as being a CSR. If it tries to call a method from another bean which is restricted to ADMIN, it will fail. To avoid this, @RunAs can be used to tell other bean that the caller is actually using the ADMIN role. You can imagine the bean wearing a CSR cap, and putting an ADMIN cap over it.
 
Deepika Joshi
Ranch Hand
Posts: 268
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
thanks a lot for answering the question....

 
Ranch Hand
Posts: 1936
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
By the way, the code is wrong, from errata:

Page 192 - Chapter 6 - 12th line from the top

REQUIRED_NEW should be REQUIRES_NEW

Change:
... @RunAS("ADMIN")
@RolesAllowed("CSR")
public void cancelBid(Bid bid, Item item) {...}
...
To:
... @RunAS("ADMIN")
@RolesAllowed("CSR")
public class BidManagerBean implements BidManager{
public void cancelBid(Bid bid, Item item) {...}
}
...


http://www.manning.com/panda/excerpt_errata.html
 
reply
    Bookmark Topic Watch Topic
  • New Topic