Win a copy of TensorFlow 2.0 in Action this week in the Artificial Intelligence and Machine Learning forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Liutauras Vilda
  • Paul Clapham
  • Bear Bibeault
  • Jeanne Boyarsky
Sheriffs:
  • Ron McLeod
  • Tim Cooke
  • Devaka Cooray
Saloon Keepers:
  • Tim Moores
  • Tim Holloway
  • Jj Roberts
  • Stephan van Hulst
  • Carey Brown
Bartenders:
  • salvin francis
  • Scott Selikoff
  • fred rosenberger

Am I missing something???

 
Greenhorn
Posts: 27
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Folks

From a message driven bean, I make a call to a session bean. The caller of the MDB as you know is the container and in the called session bean if I make a call to the method like getCallerPrincipal() on the Session bean's context what will be the result? How can I access restrict such a call from MDB as container propably wont fit into any of the roles.

Thanks and please relieve me of this confusion.
Vijay.
 
Ranch Hand
Posts: 98
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Probably you will get an UNAUTHORIZED user principal (container implementation specific thing).
 
Greenhorn
Posts: 9
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
you can use the security-identity flag and let the MDB run-as a defined role. You can also use the unchecked flag on the SB's methods.
 
Vijay Govind
Greenhorn
Posts: 27
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks Ajay. But I dont think your answers are related to my question and I my question is about restricting and not about allowing.
 
Ranch Hand
Posts: 364
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
my feeling is that you are not supposed to put security restrictions on the container
 
Vijay Govind
Greenhorn
Posts: 27
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hmmm...That might be it....Thanks a lot.
 
Greenhorn
Posts: 21
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

Just an idea.. If you don't want the MDB to invoke the Session bean, it means you are expecting only a certain roles to access the Session bean, In that scenario, you can specify the @RolesAllowed annotation in the Session Bean to enumerate the allowed application specific roles -- this will restrict the "anonymous" calls from the MDB.

Will that help..


Regards..Lawrence J
 
The fastest and most reliable components of any system are those that are not there. Tiny ad:
Thread Boost feature
https://coderanch.com/t/674455/Thread-Boost-feature
reply
    Bookmark Topic Watch Topic
  • New Topic