Win a copy of Functional Reactive Programming this week in the Other Languages forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

RunAs and EJBCallerPrincipal

 
sandeeprajsingh tandon
Ranch Hand
Posts: 80
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi, I am trying to invoke a Session Bean BeanA's methodA ()via an MDB MDB1. Both MDB1 and SessionBean BeanA has RunAs("my user") annotation on it.
The user has been mapped on WAS 7 to correct roles.

I am trying to get the CalllerPrincipal from,
- the ejbcontext in the methodA of the BeanA and
- the messagedrivenbeancontext in onMessage method of MDB1.

At both places i get UNAUTHENTICATED for the caller principal
How can i get the RunAs User in the session bean, BeanA's method A.
 
Frits Walraven
Creator of Enthuware JWS+ V6
Saloon Keeper
Pie
Posts: 2447
96
Android Chrome Eclipse IDE
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

I am not sure whether I understand you correctly, but the MBD is calling you Session bean, right?

In that case there is no Principal involved as MBD's don't have a client.

Regards,
Frits
 
sandeeprajsingh tandon
Ranch Hand
Posts: 80
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Frits, you have understood me correctly.
MDBs are calling session bean but MDB has been configured as RUNAS(my user) also the Session Bean has been configured as RunAs(My User)

Are you saying, since MDBs dont have a client to access them, there is no way i can get callerPrincipal ?
Does RunAs not alter the caller principal atleast on Session beans?

What are my alternatives.
Actually my session bean is supposed to set principal object it recieves in Database Session
Its currently setting up 'UNAUTHENTICATED'. Is there a way i can pass the 'myuser' principal to my Session bean or is there any other option to pass the myuser user?



 
Frits Walraven
Creator of Enthuware JWS+ V6
Saloon Keeper
Pie
Posts: 2447
96
Android Chrome Eclipse IDE
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Are you saying, since MDBs dont have a client to access them, there is no way i can get callerPrincipal ?

Yes, as there is no authentication in place, there is no Principal involved (unless you have something ejb-container vendor dependent feature)
From the EJB3.1 specs:
5.4.13 Security Context of Message-Driven Bean Methods
A caller principal may propagate into a message-driven bean's message listener methods. Whether this occurs is a function of the specific message-listener interface and associated messaging provider, but is not governed by this specification.

Where do you you thought you would get your Principal from?

Does RunAs not alter the caller principal atleast on Session beans?

Nope, The RunAs annotation just tells the bean to play in another role (you are altering the Role of the Principal, not the name)

What are my alternatives.

Check the messaging provider if and how it is possible to map a user to a MDB.

Regards,
Frits
 
sandeeprajsingh tandon
Ranch Hand
Posts: 80
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
thanks frits. I will check the documentation. I know in WAS i can get somethign like a SUBJECT but will need to see if that solves my problems.
 
sandeeprajsingh tandon
Ranch Hand
Posts: 80
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I finally solved it by Having a RunAs annotation on MDB and configuring its binding file[ibm-application-bnd.xml] like this.



and also adding @DeclareRoles({"Authenticated"}) on top of my sesion bean that is invoked from the mdb.
that gives me the principal from the sessioncontext.
ejb-jar.xml looks like this

 
Frits Walraven
Creator of Enthuware JWS+ V6
Saloon Keeper
Pie
Posts: 2447
96
Android Chrome Eclipse IDE
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks for coming back and putting your solution here.

Regards,
Frits

N.B. I have added "Code" tags around the XML-code. You can do that yourself next time by pressing the "Code" button
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic