• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Tim Cooke
  • paul wheaton
  • Jeanne Boyarsky
  • Ron McLeod
Sheriffs:
  • Paul Clapham
  • Liutauras Vilda
  • Devaka Cooray
Saloon Keepers:
  • Tim Holloway
  • Roland Mueller
Bartenders:

MDB: problem using group as principal name when using @RunAs annotation

 
Greenhorn
Posts: 1
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I am having a problem using group name as principal name when using @RunAs annotation in a message driven bean. I am not able to deploy the MDB.
I would like the code in my onMessage() method to be executed with a specific role/user, so I want to use the @RunAs annotation to achieve this.

I am running weblogic 10.3.5
I have created the following in weblogic console:
- Group "SampleGroup"
- User "SampleUser", member of "SampleGroup"

The MDB:


The ejb-jar.xml file:
<?xml version="1.0" encoding="UTF-8"?>
<ejb-jar xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/ejb-jar_3_0.xsd"
version="3.0">
<assembly-descriptor>
<security-role>
<description>
Sample Role.
</description>
<role-name>SampleRole</role-name>
</security-role>
</assembly-descriptor>
</ejb-jar>

The weblogic-ejb-jar.xml file:
<weblogic-ejb-jar xmlns="http://www.bea.com/ns/weblogic/10.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.bea.com/ns/weblogic/10.0 http://www.bea.com/ns/weblogic/10.0/weblogic-ejb-jar.xsd">
<security-role-assignment>
<role-name>SampleRole</role-name>
<principal-name>SampleGroup</principal-name>
</security-role-assignment>
</weblogic-ejb-jar>


when I try to deploy the MDB jar in weblogic , the following error is thrown:

Unable to deploy EJB: UIMAdapterMessageDrivenBean from UIMCartridgeManagementAdapterEJB.jar:
The run-as security principal, 'SampleGroup', chosen for the EJB 'UIMAdapterMessageDrivenBean(Application: inventory-adapter, EJBComponent: UIMCartridgeManagementAdapterEJB.jar)' is not a valid user principal in the current security realm. Please specify a valid user principal for the EJB to use.


Instead of group name as principal name if I provide the user "SampleUser", every thing works fine and MDB works fine.

when we use run-as should the security principal always be user rather than a group. In that case how can I allow a certain group with a particular role execute onmessage.

rather than annotation I even tried using run-as attribute in the ejb-jar.xml , i.e

++<message-driven>++
++<ejb-name>UIMAdapterMessageDrivenBean</ejb-name>++
++<ejb-class>oracle.communications.inventory.cartridgemanagement.adapter.UIMAdapterMessageDrivenBean</ejb-class>++
++<transaction-type>Container</transaction-type>++
++<message-destination-type>javax.jms.Queue</message-destination-type>++
++<security-identity>++
++<run-as>++
++<role-name>SampleRole</role-name>++
++</run-as>++
++</security-identity>++
++</message-driven>++

but it doesn't make any difference. any help or pointer is appreciated
 
Right! We're on it! Let's get to work tiny ad!
We need your help - Coderanch server fundraiser
https://coderanch.com/wiki/782867/Coderanch-server-fundraiser
reply
    Bookmark Topic Watch Topic
  • New Topic