I am having a problem using group name as principal name when using @RunAs annotation in a message driven bean. I am not able to deploy the MDB.
I would like the code in my onMessage() method to be executed with a specific role/user, so I want to use the @RunAs annotation to achieve this.
I am running WebLogic 10.3.5.
I have created the following in the WebLogic console:
- Group "SampleGroup"
- User "SampleUser", member of "SampleGroup"
The MDB:
The ejb-jar.xml file:
<?xml version="1.0" encoding="UTF-8"?>
<ejb-jar xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
                             http://java.sun.com/xml/ns/javaee/ejb-jar_3_0.xsd"
         version="3.0">
  <assembly-descriptor>
    <security-role>
      <description>
        Sample Role.
      </description>
      <role-name>SampleRole</role-name>
    </security-role>
  </assembly-descriptor>
</ejb-jar>
The weblogic-ejb-jar.xml file:
<weblogic-ejb-jar xmlns="http://www.bea.com/ns/weblogic/10.0"
                  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                  xsi:schemaLocation="http://www.bea.com/ns/weblogic/10.0
                                      http://www.bea.com/ns/weblogic/10.0/weblogic-ejb-jar.xsd">
  <security-role-assignment>
    <role-name>SampleRole</role-name>
    <principal-name>SampleGroup</principal-name>
  </security-role-assignment>
</weblogic-ejb-jar>
When I try to deploy the MDB jar in WebLogic, the following error is thrown:
Unable to deploy EJB: UIMAdapterMessageDrivenBean from UIMCartridgeManagementAdapterEJB.jar:
The run-as security principal, 'SampleGroup', chosen for the EJB 'UIMAdapterMessageDrivenBean(Application: inventory-adapter, EJBComponent: UIMCartridgeManagementAdapterEJB.jar)' is not a valid user principal in the current security realm. Please specify a valid user principal for the EJB to use.
Instead of the group name as the principal name, if I provide the user "SampleUser", everything works fine and the MDB works fine.
When we use run-as, should the security principal always be a user rather than a group? In that case, how can I allow a certain group with a particular role to execute onMessage?
Rather than the annotation, I even tried using the run-as attribute in the ejb-jar.xml, i.e.
<message-driven>
  <ejb-name>UIMAdapterMessageDrivenBean</ejb-name>
  <ejb-class>oracle.communications.inventory.cartridgemanagement.adapter.UIMAdapterMessageDrivenBean</ejb-class>
  <transaction-type>Container</transaction-type>
  <message-destination-type>javax.jms.Queue</message-destination-type>
  <security-identity>
    <run-as>
      <role-name>SampleRole</role-name>
    </run-as>
  </security-identity>
</message-driven>
But it doesn't make any difference. Any help or pointer is appreciated.
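A pre-deployment check for the failure described in the post above, as an added example that is not part of the original post: it resolves each bean's run-as role to a principal and flags any that is not a user in the realm. Assumptions: the `run-as-role-assignment` / `run-as-principal-name` elements of weblogic-ejb-jar.xml, the fallback rule (first mapped `principal-name`, consistent with the error message quoted in the post), and the hypothetical `realm_users` set and function names; the descriptors are constructed samples modelled on the post.

```python
import xml.etree.ElementTree as ET

NS = {"j": "http://java.sun.com/xml/ns/javaee",
      "w": "http://www.bea.com/ns/weblogic/10.0"}

def text(node, path):
    """Stripped text of the first match, or '' when the element is absent."""
    return (node.findtext(path, default="", namespaces=NS) or "").strip()

def run_as_problems(ejb_jar_xml, weblogic_xml, realm_users):
    """Return (bean, role, principal) for each run-as role not resolving to a realm user."""
    ejb, wls = ET.fromstring(ejb_jar_xml), ET.fromstring(weblogic_xml)
    # Explicit run-as identity per role (assumed WebLogic descriptor elements).
    explicit = {text(a, "w:role-name"): text(a, "w:run-as-principal-name")
                for a in wls.iterfind(".//w:run-as-role-assignment", NS)}
    # Role-to-principal mapping; principals here may be users or groups.
    mapped = {text(a, "w:role-name"):
              [(p.text or "").strip() for p in a.iterfind("w:principal-name", NS)]
              for a in wls.iterfind(".//w:security-role-assignment", NS)}
    problems = []
    for bean in ejb.iterfind("./j:enterprise-beans/*", NS):
        role = text(bean, "j:security-identity/j:run-as/j:role-name")
        if not role:
            continue  # bean declares no run-as identity in the descriptor
        # Assumed rule: explicit run-as principal, else first mapped principal.
        principal = explicit.get(role) or next(iter(mapped.get(role, [])), None)
        if principal not in realm_users:
            problems.append((text(bean, "j:ejb-name"), role, principal))
    return problems

# Constructed sample descriptors modelled on the post.
EJB_JAR = """<ejb-jar xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
  <enterprise-beans><message-driven>
    <ejb-name>UIMAdapterMessageDrivenBean</ejb-name>
    <security-identity><run-as><role-name>SampleRole</role-name></run-as></security-identity>
  </message-driven></enterprise-beans>
</ejb-jar>"""
WLS_HEAD = '<weblogic-ejb-jar xmlns="http://www.bea.com/ns/weblogic/10.0">'
ROLE_MAP = ("<security-role-assignment><role-name>SampleRole</role-name>"
            "<principal-name>SampleGroup</principal-name></security-role-assignment>")
RUN_AS = ("<run-as-role-assignment><role-name>SampleRole</role-name>"
          "<run-as-principal-name>SampleUser</run-as-principal-name></run-as-role-assignment>")
WLS_AS_POSTED = WLS_HEAD + ROLE_MAP + "</weblogic-ejb-jar>"
WLS_WITH_RUN_AS = WLS_HEAD + ROLE_MAP + RUN_AS + "</weblogic-ejb-jar>"
USERS = {"SampleUser"}  # hypothetical export of user (not group) names in the realm

if __name__ == "__main__":
    print(run_as_problems(EJB_JAR, WLS_AS_POSTED, USERS))
    print(run_as_problems(EJB_JAR, WLS_WITH_RUN_AS, USERS))
```

The check only sees run-as roles declared in ejb-jar.xml; a bean that relies solely on the @RunAs annotation is not covered by it.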