4 Replies Latest reply on Mar 5, 2003 3:19 PM by jbossst

    Multi-level authentication

    jbossst

      Hi,

      I have a GUI client. It makes a user authentication with user name and password.

      It calls a session bean (stateless) to do special work.

      This session bean must access BMP with an "admin" authentication to have full access rights principal...

      ---
      The GUI client must make an authentication with a user/password like "guest, guest" to access a session bean.

      The session bean must make an authentication with a user/password like "admin, admin" to access an Entity BMP.
      The Entity BMP's principal must be "admin" NOT "guest"...

      ---
      How can I do that ???

      Thank you for helping me.

        • 1. Re: Multi-level authentication

          Use the runAs security identity

          in your ejb-jar.xml:

          ...
          <security-identity>
            <run-as>
              <role-name>admin</role-name>
            </run-as>
          </security-identity>


          hth
          Peter

          • 2. Re: Multi-level authentication
            jbossst

            Thanks, but I'm working with EJB 1.1 !!!
            Run-As tag is only available on EJB 1.0 and 2.0.

            How can I resolve my problem in EJB 1.1 ???

            Thanks

            • 3. Re: Multi-level authentication

              > Run-As tag is only available on EJB 1.0 and 2.0.
              Surprising, but correct.

              > How can I resolve my problem in EJB 1.1 ???
              I'm afraid you can't. At least not in an appserver-independent way. If that is not your concern, you could try to set the security credentials yourself by calling SecurityAssociation.setPrincipal() etc. Never tried it myself though, so I can't guarantee it works....

              Good luck! Sorry I can't help you any better ;-(
              Peter

              • 4. Re: Multi-level authentication
                jbossst

                Hi,

                I'm using JBoss 3.0.4.
                But, the "run-as" tag (in ejb-jar.xml) doesn't work.


                <ejb-name>CommandDispatcher</ejb-name>
                ...
                ...
                <ejb-class>...</ejb-class>
                <session-type>Stateless</session-type>
                <transaction-type>Container</transaction-type>
                <security-role-ref>
                  <role-name>Admin</role-name>
                  <role-link>Admin</role-link>
                </security-role-ref>
                <security-role-ref>
                  <role-name>User</role-name>
                  <role-link>User</role-link>
                </security-role-ref>
                <security-identity>
                  <run-as>
                    <role-name>Admin</role-name>
                  </run-as>
                </security-identity>


                This session bean accesses a lot of BMPs.
                I use a simple user login name and password like "guest" linked to the "User" role.

                In the BMP, the call of Context.isCallerInRole("Admin") returns false !!!
                And the call of Context.isCallerInRole("User") returns true.

                Normally, I think the two calls must return true !!

                Thanks for your help.
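
An added example, not part of the thread and not JBoss code: a small Python check that reads an EJB 2.0 style ejb-jar.xml (DTD-based, no XML namespace is assumed), lists which beans declare a run-as identity, and flags run-as roles and role-links that match no security-role in the assembly-descriptor, including names that differ only by case. The sample descriptor, the AccountBMP bean name and the audit_run_as function are constructed for illustration; the check covers the descriptor only, not how a given JBoss version applies run-as at runtime.

```python
import xml.etree.ElementTree as ET

# Constructed sample descriptor (not from the thread): AccountBMP is an
# illustrative name, and "admin" vs "Admin" differs only by case on purpose.
SAMPLE = """<ejb-jar>
  <enterprise-beans>
    <session>
      <ejb-name>CommandDispatcher</ejb-name>
      <security-role-ref><role-name>User</role-name><role-link>User</role-link></security-role-ref>
      <security-identity><run-as><role-name>admin</role-name></run-as></security-identity>
    </session>
    <entity>
      <ejb-name>AccountBMP</ejb-name>
      <security-identity><use-caller-identity/></security-identity>
    </entity>
  </enterprise-beans>
  <assembly-descriptor>
    <security-role><role-name>Admin</role-name></security-role>
    <security-role><role-name>User</role-name></security-role>
  </assembly-descriptor>
</ejb-jar>"""

def audit_run_as(descriptor_xml):
    """Return (run_as, findings): run_as maps ejb-name -> run-as role;
    findings lists role references that match no declared security-role."""
    root = ET.fromstring(descriptor_xml)
    declared = {r.findtext("role-name", "").strip()
                for r in root.findall("assembly-descriptor/security-role")}
    by_lower = {d.lower(): d for d in declared}
    run_as, findings = {}, []
    def check(bean, kind, role):
        if role in declared:
            return
        near = by_lower.get(role.lower())  # same name, different case?
        hint = f" (case differs from declared '{near}')" if near else ""
        findings.append(f"{bean}: {kind} '{role}' is not a declared security-role{hint}")
    for bean in root.findall("enterprise-beans/*"):
        name = bean.findtext("ejb-name", "?").strip()
        role = bean.findtext("security-identity/run-as/role-name")
        if role is not None:  # bean elevates to a fixed role for its outgoing calls
            run_as[name] = role.strip()
            check(name, "run-as role", role.strip())
        for link in bean.findall("security-role-ref/role-link"):
            check(name, "role-link", (link.text or "").strip())
    return run_as, findings

if __name__ == "__main__":
    print(audit_run_as(SAMPLE))
```

The run_as map doubles as an inventory of beans that call downstream components under a role other than the caller's, which is worth reviewing whenever a descriptor changes.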