This week's book giveaway is in the Kotlin forum.
We're giving away four copies of Kotlin in Action and have Dmitry Jemerov & Svetlana Isakova on-line!
See this thread for details.
Win a copy of Kotlin in Action this week in the Kotlin forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

EJB security Question  RSS feed

 
Bobby Anderson
Ranch Hand
Posts: 114
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I have an EJB that uses a SecurityDomain and uses the @RolesAllowed annotation to secure the bean. When a user comes into that bean it goes through the login module as it should and creates all the roles and properly checks that the user has the correct Role(s). So everything works great from that end.

My problem is that I have quartz timer(s) setup to perform certain operations at certain intervals. Because these are quartz timers they are firing within the app server so there really is no user, therefore there is no one to authenticate or assign roles to. When these timers fire they call methods on the above secure bean. When that happens the call to the secure bean rightfully fails because the "user" (the app server) does not have the correct roles.

Has anyone ever run into this problem before?

Thanks,
Billy
 
Reza Rahman
author
Ranch Hand
Posts: 580
5
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Billy,

I have run into this before and have not found a satisfactory answer. You can try asking the Quartz folks if they have any plans around JAAS integration/know of a work-around? I think Flux has features to do this and integrate with app server security.

Hope it helps,
Reza
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!