
Security, run-as and other stuff

 
Mirko Bonasorte
Ranch Hand
Posts: 244
Greetings,
I have a great confusion about security.

Let's suppose that:
1. There's a stateless session bean A with methodA()
2. There's a stateless session bean B with methodB()
3. There's a stateless session bean C with methodC()
4. There's a client which runs as user 'JavaRanchUser' and role 'Rancher' and invokes A.methodA()
5. methodA() invokes B.methodB()
6. methodB() invokes C.methodC()
7. B.methodB() has @RunAs("Sheriff")

Now, what is the result of the getCallerPrincipal(), isUserInRole("Rancher") and isUserInRole("Sheriff") during the execution of methodA(), methodB() and methodC()?

Thanks in advance
 
nitin pai
Ranch Hand
Posts: 185
In all the methods, getCallerPrincipal() will return "JavaRanchUser", isUserInRole("Rancher") will return true and isUserInRole("Sheriff") will return false.

Even I had this confusion, which Christophe cleared up here: http://www.coderanch.com/t/163793/java-EJB-SCBCD/certification/security-violation

Is my answer right, Christophe?
 
Mirko Bonasorte
Ranch Hand
Posts: 244
Great! Thanks!
 