-
1. Re: Multi-level authentication
petertje Jan 30, 2003 4:34 PM (in response to jbossst)use the runAs security identify
in your ejb-jar.xml:
...
<security-identity>
<run-as>
<role-name>admin</role-name>
</run-as>
</security-identity>
hth
Peter -
2. Re: Multi-level authentication
jbossst Feb 3, 2003 2:45 AM (in response to jbossst)Thanks but I'am working with EJB 1.1 !!!
Run-As tag is only available on EJB 1.0 and 2.0.
How can I resolve my problem in EJB 1.1 ???
Thanks -
3. Re: Multi-level authentication
petertje Feb 3, 2003 4:31 PM (in response to jbossst)> Run-As tag is only available on EJB 1.0 and 2.0.
Surprising, but correct.
> How can I resolve my problem in EJB 1.1 ???
I'm afraid you can't. At least not in a appserver-independant way. If that is not your concern, you could try to set the security credentials yourself by calling SecurityAssociation.setPrincipal() etc. Never tried it myself though, so i can't garantuee it works....
Good luck! sorry i can't help you any better ;-(
Peter -
4. Re: Multi-level authentication
jbossst Mar 5, 2003 3:19 PM (in response to jbossst)Hi,
I'm using JBoss 3.0.4.
But, the "run-as" tag (in ejb-jar.xml) doesn't work.
<ejb-name>CommandDispatcher</ejb-name>
...
...
<ejb-class>...</ejb-class>
<session-type>Stateless</session-type>
<transaction-type>Container</transaction-type>
<security-role-ref>
<role-name>Admin</role-name>
<role-link>Admin</role-link>
</security-role-ref>
<security-role-ref>
<role-name>User</role-name>
<role-link>User</role-link>
</security-role-ref>
<security-identity>
<run-as>
<role-name>Admin</role-name>
</run-as>
</security-identity>
This session bean access a lot of BMP.
I use a simple user login name and password like "guest" linked to the "User" role.
In the BMP, the call of Context.isCallerInRole("Admin") returns false !!!
And the call of Context.isCallerInRole("User") returns true.
Normaly, I thing the two calls must return true !!
Thanks for your help.