3 Replies Latest reply on Feb 14, 2004 10:44 AM by starksm64

unauthenticatedIdentity and user roles

roberto Feb 14, 2004 6:59 AM

I have a ejb method "M1" that run as role "A", this method call another ejb method "M2" that require role "B".
I have set a unauthenticatedIdentity in the login-config.xml to user "MyUser" and set roles for this user to "A" and "B" (in user and role properties).
But when the first method (M1) try to call methos M2 an exception occurs.

java.lang.SecurityException: Insufficient method permissions, runAsRole=A, method=create, interface=HOME, requiredRoles=[B]

I have check the user retrieved using the getCallerPrincipal and this is correct.. the response is "MyUser".. the same set as
unauthenticatedIdentity .

What append ? or how unauthenticatedIdentity works ?
Any workaround ?

Also i have try to set as unauthenticatedIdentity a non existing user... and.. suprise... this user is used but the same exception occurs...
So i think that the unauthenticatedIdentity jboss doesn't retrieve roles, but use only the role in the Run-As clause

Ty

1. Re: unauthenticatedIdentity and user roles

starksm64 Feb 14, 2004 9:14 AM (in response to roberto)

The behavior you see is expected given your setup. The unauthenticatedIdentity option never assigns roles to the caller, only an identity. The run-as role defines what role a component will assume no matter what the caller roles may be.
Actions
2. Re: unauthenticatedIdentity and user roles

roberto Feb 14, 2004 10:23 AM (in response to roberto)

Ty..
So how i can resolve my problem ?
i need login (like a client) or i can set more run-as roles... or other?
Actions
3. Re: unauthenticatedIdentity and user roles

starksm64 Feb 14, 2004 10:44 AM (in response to roberto)

You answered your own question. Login as a client if you need to behave as a client.
Actions

Go to original post