• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Paul Clapham
  • Ron McLeod
  • Bear Bibeault
  • Liutauras Vilda
Sheriffs:
  • Jeanne Boyarsky
  • Junilu Lacar
  • Henry Wong
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Jj Roberts
  • Tim Holloway
  • Piet Souris
Bartenders:
  • Himai Minh
  • Carey Brown
  • salvin francis

MDB: problem using group as principal name when using @RunAs annotation

 
Greenhorn
Posts: 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I am having a problem using group name as principal name when using @RunAs annotation in a message driven bean. I am not able to deploy the MDB.
I would like the code in my onMessage() method to be executed with a specific role/user, so I want to use the @RunAs annotation to achieve this.

I am running weblogic 10.3.5
I have created the following in weblogic console:
- Group "SampleGroup"
- User "SampleUser", member of "SampleGroup"

The MDB:


The ejb-jar.xml file:
<?xml version="1.0" encoding="UTF-8"?>
<ejb-jar xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/ejb-jar_3_0.xsd"
version="3.0">
<assembly-descriptor>
<security-role>
<description>
Sample Role.
</description>
<role-name>SampleRole</role-name>
</security-role>
</assembly-descriptor>
</ejb-jar>

The weblogic-ejb-jar.xml file:
<weblogic-ejb-jar xmlns="http://www.bea.com/ns/weblogic/10.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.bea.com/ns/weblogic/10.0 http://www.bea.com/ns/weblogic/10.0/weblogic-ejb-jar.xsd">
<security-role-assignment>
<role-name>SampleRole</role-name>
<principal-name>SampleGroup</principal-name>
</security-role-assignment>
</weblogic-ejb-jar>


when I try to deploy the MDB jar in weblogic , the following error is thrown:

Unable to deploy EJB: UIMAdapterMessageDrivenBean from UIMCartridgeManagementAdapterEJB.jar:
The run-as security principal, 'SampleGroup', chosen for the EJB 'UIMAdapterMessageDrivenBean(Application: inventory-adapter, EJBComponent: UIMCartridgeManagementAdapterEJB.jar)' is not a valid user principal in the current security realm. Please specify a valid user principal for the EJB to use.


Instead of group name as principal name if I provide the user "SampleUser", every thing works fine and MDB works fine.

when we use run-as should the security principal always be user rather than a group. In that case how can I allow a certain group with a particular role execute onmessage.

rather than annotation I even tried using run-as attribute in the ejb-jar.xml , i.e

++<message-driven>++
++<ejb-name>UIMAdapterMessageDrivenBean</ejb-name>++
++<ejb-class>oracle.communications.inventory.cartridgemanagement.adapter.UIMAdapterMessageDrivenBean</ejb-class>++
++<transaction-type>Container</transaction-type>++
++<message-destination-type>javax.jms.Queue</message-destination-type>++
++<security-identity>++
++<run-as>++
++<role-name>SampleRole</role-name>++
++</run-as>++
++</security-identity>++
++</message-driven>++

but it doesn't make any difference. any help or pointer is appreciated
 
If somebody says you look familiar, tell them you are in porn. Or in these tiny ads:
Thread Boost feature
https://coderanch.com/t/674455/Thread-Boost-feature
reply
    Bookmark Topic Watch Topic
  • New Topic