• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Paul Clapham
  • Ron McLeod
  • Jeanne Boyarsky
  • Tim Cooke
Sheriffs:
  • Liutauras Vilda
  • paul wheaton
  • Henry Wong
Saloon Keepers:
  • Tim Moores
  • Tim Holloway
  • Stephan van Hulst
  • Carey Brown
  • Frits Walraven
Bartenders:
  • Piet Souris
  • Himai Minh

ejb security problem with isCallerInRole()

 
Ranch Hand
Posts: 69
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
hi
i am mohandodderi, i am trying to execute the ejb security example . i am checking for security role(isCallerInRole) but it is returning FALSE .
code is written like this ..pls tell me what is the wrong with this code


IN DEPLOYMENT DESCRIPTER


<entity>
<description/>
<display-name>ADDRESSEJB</display-name>
<ejb-name>ADDRESSEJB</ejb-name>
<home>com.emarg.vitalweb.entity.ADDRESS.ejb.ADDRESSHome</home>
<remote>com.emarg.vitalweb.entity.ADDRESS.ejb.ADDRESS</remote>
<local-home>com.emarg.vitalweb.entity.ADDRESS.ejb.ADDRESSLocalHome</local-home>
<local>com.emarg.vitalweb.entity.ADDRESS.ejb.ADDRESSLocal</local>
<ejb-class>com.emarg.vitalweb.entity.ADDRESS.ejb.ADDRESSBean</ejb-class>
<persistence-type>Bean</persistence-type>
<prim-key-class>com.emarg.vitalweb.entity.ADDRESS.ejb.ADDRESSPK</prim-key-class>
<reentrant>False</reentrant>
<security-role-ref>
<description>
This security role should be assigned to the
employees of the payroll department who are
allowed to update employees� salaries.
</description>
<role-name>location</role-name>
<role-link>location-department</role-link>
</security-role-ref>

<resource-ref>
<res-ref-name>SQLServerPool</res-ref-name>
<res-type>javax.sql.DataSource</res-type>
<res-auth>Container</res-auth>
</resource-ref>
</entity>


<assembly-descriptor>
<security-role>
<description>This role includes the employees of the
enterprise who are allowed to access the
employee self-service application. This role
is allowed only to access his/her owninformation.
</description>
<role-name>location-department</role-name>
</security-role>


<method-permission>
<role-name>location-department</role-name>
<method>
<ejb-name>ADDRESSEJB</ejb-name>
<method-name>data</method-name>
</method>
</method-permission>

</assembly-descriptor>




method implementation in entitybean is as fallows



public void data()
{
EJBObject obj = ctx.getEJBObject();
if(ctx.isCallerInRole("location"))
{
System.out.println(" true ");
}
else
{
System.out.println(" false ");
}
}


it is helpfull if u give clue to me

regards
Mohandodderi
 
Ranch Hand
Posts: 211
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,

You need to associate the user with this particular role.

This is something which is done by the Deployer and would not be a part of this xml.

You need to check this in your security policy file. Typically when you get authenticated into the system much before accessing the EJB's ..your principal should be associated with the role. I think this isn't an EJB issue..may be some veterans can comment as well
 
Ranch Hand
Posts: 284
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,

I'm not a veteran but I think Rahul is right.

Before your security works, you must associate a security realm to your application, and in this security realm, create a login/password/role for your user.

After, when you login in your application, your Principal will be associated with the role you specify in the security realm.

Up to you to match the security role in the ejb-jar.xml and the role in your security realm, then match the role-link to the role-name (this you did), and you should get a nice "true" answer
 
I am not young enough to know everything. - Oscar Wilde This tiny ad thinks it knows more than Oscar:
free, earth-friendly heat - a kickstarter for putting coin in your pocket while saving the earth
https://coderanch.com/t/751654/free-earth-friendly-heat-kickstarter
reply
    Bookmark Topic Watch Topic
  • New Topic