• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

MDB: problem using group as principal name when using @RunAs annotation

 
Greenhorn
Posts: 1
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I am having a problem using group name as principal name when using @RunAs annotation in a message driven bean. I am not able to deploy the MDB.
I would like the code in my onMessage() method to be executed with a specific role/user, so I want to use the @RunAs annotation to achieve this.

I am running weblogic 10.3.5
I have created the following in weblogic console:
- Group "SampleGroup"
- User "SampleUser", member of "SampleGroup"

The MDB:


The ejb-jar.xml file:
<?xml version="1.0" encoding="UTF-8"?>
<ejb-jar xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/ejb-jar_3_0.xsd"
version="3.0">
<assembly-descriptor>
<security-role>
<description>
Sample Role.
</description>
<role-name>SampleRole</role-name>
</security-role>
</assembly-descriptor>
</ejb-jar>

The weblogic-ejb-jar.xml file:
<weblogic-ejb-jar xmlns="http://www.bea.com/ns/weblogic/10.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.bea.com/ns/weblogic/10.0 http://www.bea.com/ns/weblogic/10.0/weblogic-ejb-jar.xsd">
<security-role-assignment>
<role-name>SampleRole</role-name>
<principal-name>SampleGroup</principal-name>
</security-role-assignment>
</weblogic-ejb-jar>


when I try to deploy the MDB jar in weblogic , the following error is thrown:

Unable to deploy EJB: UIMAdapterMessageDrivenBean from UIMCartridgeManagementAdapterEJB.jar:
The run-as security principal, 'SampleGroup', chosen for the EJB 'UIMAdapterMessageDrivenBean(Application: inventory-adapter, EJBComponent: UIMCartridgeManagementAdapterEJB.jar)' is not a valid user principal in the current security realm. Please specify a valid user principal for the EJB to use.


Instead of group name as principal name if I provide the user "SampleUser", every thing works fine and MDB works fine.

when we use run-as should the security principal always be user rather than a group. In that case how can I allow a certain group with a particular role execute onmessage.

rather than annotation I even tried using run-as attribute in the ejb-jar.xml , i.e

++<message-driven>++
++<ejb-name>UIMAdapterMessageDrivenBean</ejb-name>++
++<ejb-class>oracle.communications.inventory.cartridgemanagement.adapter.UIMAdapterMessageDrivenBean</ejb-class>++
++<transaction-type>Container</transaction-type>++
++<message-destination-type>javax.jms.Queue</message-destination-type>++
++<security-identity>++
++<run-as>++
++<role-name>SampleRole</role-name>++
++</run-as>++
++</security-identity>++
++</message-driven>++

but it doesn't make any difference. any help or pointer is appreciated
 
Are you here to take over the surface world? Because this tiny ad will stop you!
a bit of art, as a gift, the permaculture playing cards
https://gardener-gift.com
reply
    Bookmark Topic Watch Topic
  • New Topic