@RunAS

 
Ranch Hand
Posts: 268
EJB3 In Action
page 210

Using @RunAs, we can temporarily assign a (CSR) role an (Admin) role so that the statistics-tracking EJB thinks an admin is invoking the method

@RunAS(ADMIN)
@RolesAllowed(CSR)
public void cancelBid( Bid bid, Item item){
}

I am a bit confused here: RolesAllowed is CSR, so CSR can run this method (then why do I need to use the RunAs annotation?).

 
Ranch Hand
Posts: 893
It does mean that the role CSR is allowed to run this class as if it had the role Admin.
 
Deepika Joshi
Ranch Hand
Posts: 268
Remko,

Thanks for the reply, but I did not understand the message. Can you please explain (a few more words please)...

This is an example of declarative security, so I do not think the code of this method would check the role of the user,
and the role matters only at access of the method.
@RolesAllowed(CSR): does it not mean to allow CSR to access this method? What is achieved by running this method as ADMIN?

Thanks....
 
Sheriff
Posts: 14691

I am a bit confused here: RolesAllowed is CSR, so CSR can run this method


That's right.

then why do I need to use the RunAs annotation


If you don't, this bean will be seen as being a CSR. If it tries to call a method from another bean which is restricted to ADMIN, it will fail. To avoid this, @RunAs can be used to tell the other bean that the caller is actually using the ADMIN role. You can imagine the bean wearing a CSR cap, and putting an ADMIN cap over it.
 
Deepika Joshi
Ranch Hand
Posts: 268
thanks a lot for answering the question....

 
Ranch Hand
Posts: 1936
By the way, the code is wrong, from errata:

Page 192 - Chapter 6 - 12th line from the top

REQUIRED_NEW should be REQUIRES_NEW

Change:
... @RunAS("ADMIN")
@RolesAllowed("CSR")
public void cancelBid(Bid bid, Item item) {...}
...
To:
... @RunAS("ADMIN")
@RolesAllowed("CSR")
public class BidManagerBean implements BidManager{
public void cancelBid(Bid bid, Item item) {...}
}
...


http://www.manning.com/panda/excerpt_errata.html
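
The behaviour discussed in the replies above, as an added example that is not from the book, its errata, or any poster: the inbound @RolesAllowed check is made against the real caller, while the class-level @RunAs sets the role propagated on the bean's outgoing calls. StatisticsTracker, StatisticsTrackerBean and recordCancellation are hypothetical names, Bid and Item are empty placeholders, and each public type goes in its own file in a Java EE (javax.*) project.

```java
// Added example; hypothetical names: StatisticsTracker, StatisticsTrackerBean,
// recordCancellation. Each public type belongs in its own .java file.
import javax.annotation.security.DeclareRoles;
import javax.annotation.security.RolesAllowed;
import javax.annotation.security.RunAs;
import javax.ejb.EJB;
import javax.ejb.Local;
import javax.ejb.Stateless;

public class Bid {}   // placeholder domain class
public class Item {}  // placeholder domain class

@Local
public interface StatisticsTracker {
    void recordCancellation(Item item);
}

@Stateless
@DeclareRoles("ADMIN")
public class StatisticsTrackerBean implements StatisticsTracker {
    // The container rejects any call whose propagated identity lacks ADMIN.
    @RolesAllowed("ADMIN")
    public void recordCancellation(Item item) {
        // update cancellation statistics here
    }
}

@Local
public interface BidManager {
    void cancelBid(Bid bid, Item item);
}

@Stateless
@DeclareRoles({"CSR", "ADMIN"})
@RunAs("ADMIN") // class-level only; applies to every outgoing call from this bean
public class BidManagerBean implements BidManager {
    @EJB
    private StatisticsTracker tracker;

    // Inbound check: evaluated against the real caller, who must hold CSR.
    @RolesAllowed("CSR")
    public void cancelBid(Bid bid, Item item) {
        // Outbound call carries the ADMIN run-as identity. Without @RunAs the
        // CSR identity would propagate and the container would throw
        // javax.ejb.EJBAccessException at this call.
        tracker.recordCancellation(item);
    }
}
```

Because the run-as role covers all outgoing calls from the bean, it is worth keeping such a bean small so the elevated role reaches only the collaborators that need it.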