
query about RunAs annotation ?

 
gurpeet singh
Let's have 2 stateless session beans A and B. Also there is a servlet which invokes a method on Bean A, which further invokes a method on Bean B. Consider the following snippets of code and DD.

SessionBean A :



Session Bean B :





sun-web.xml DD




Servlet :



this is my web.xml





In the GlassFish security realm/domain I have created a group named test with 2 users, namely ammu and anuj. In the DD above I have mapped role guest to this group name test. Also I have a role admin mapped to principal guru. Now when I invoke my servlet I get the following exception:


|#]


However, if I don't use the <group-name> tag in <security-role-mapping> and instead use <principal-name>, then it works fine.

What I was testing is how RunAs works. Specifically, say I specify @RunAs("guest") on session bean A. Now let's say there is more than one principal/user with role guest (for that I created a group). Now when we invoke a method of SessionBean A it will run as identity guest (no matter what the role of the original caller was when we invoked the servlet), and the same identity will be passed on to SessionBean B. Now I wanted to check in session bean B what SessionContext.getCallerPrincipal().getName() returns, since there are 2 principals with role guest.
 
Frits Walraven
Hi!

Maybe I am missing something, but how do you authenticate to the web application? (I don't see an <auth-constraint> and also no <login-config> element.)

now i wanted to check in session bean B what does SessionContext.getCallerPrincipal().getName() returned, since there are 2 principals with role guest. ?

The Principal's name is not changed; it will be the name that was given when authentication took place. The role name, however, will be different (you can verify this with boolean isCallerInRole(java.lang.String roleName)).

Regards,
Frits
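
An added example, not part of either post and not the original poster's code: a pair of beans for observing on a server which principal name and roles bean B sees when bean A carries @RunAs("guest"). It assumes an EJB 3.1 container (no-interface views); BeanA, BeanB, callB and whoAmI are hypothetical names, and the role names guest and admin are the ones used in the thread.

```java
// File: BeanA.java (constructed example; assumes an EJB 3.1 container)
import javax.annotation.Resource;
import javax.annotation.security.DeclareRoles;
import javax.annotation.security.RolesAllowed;
import javax.annotation.security.RunAs;
import javax.ejb.EJB;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;

@Stateless
@DeclareRoles({"admin", "guest"})
@RunAs("guest")               // applies to calls that A makes to other beans
public class BeanA {
    @Resource private SessionContext ctx;
    @EJB private BeanB beanB;

    // Invoked from the servlet; reports A's own caller, then B's view of its caller.
    public String callB() {
        String seenByA = ctx.getCallerPrincipal().getName();
        return "A caller=" + seenByA + " | " + beanB.whoAmI();
    }
}

// File: BeanB.java (same package; same imports except RunAs and EJB)
@Stateless
@DeclareRoles({"admin", "guest"})
public class BeanB {
    @Resource private SessionContext ctx;

    // Restricted to guest, so the call succeeds only if the identity
    // propagated from A is in that role.
    @RolesAllowed("guest")
    public String whoAmI() {
        return "B caller=" + ctx.getCallerPrincipal().getName()
             + " guest=" + ctx.isCallerInRole("guest")
             + " admin=" + ctx.isCallerInRole("admin");
    }
}
```

The roles still have to be mapped to users or groups in the server's deployment descriptor, as in the thread; printing the string returned by callB() from the servlet shows both beans' views side by side.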
 