posted 15 years ago
Greetings,
I have a great confusion about security.
Let's suppose that:
1. There's a stateless session bean A with methodA()
2. There's a stateless session bean B with methodB()
3. There's a stateless session bean C with methodC()
4. There's a client which runs as user 'JavaRanchUser' and role 'Rancher' and invokes A.methodA()
5. methodA() invokes B.methodB()
6. methodB() invokes C.methodC()
7. B.methodB() has @RunAs("Sheriff")
Now, what is the result of the getCallerPrincipal(), isUserInRole("Rancher") and isUserInRole("Sheriff") during the execution of methodA(), methodB() and methodC()?
Thanks in advance