-
1. Re: Calling protected ejb method from anoter
wolfgangknauf Feb 17, 2009 9:59 AM (in response to drfranknfurter)Hi,
would it help to add "role1" to the @RolesAllowed of EJB2?
If not: you could take a look at the @RunAs annotation (ejb spec 17.3.4):Establishing a run-as identity for an enterprise bean does not affect the identities of its callers, which
are the identities tested for permission to access the methods of the enterprise bean. The run-as identity
establishes the identity the enterprise bean will use when it makes calls.
Thus, your bean would make all calls to ejb2 as the role specified by "@RunAs", but it's own methods would require "role1".
Hope this helps
Wolfgang -
2. Re: Calling protected ejb method from anoter
drfranknfurter Feb 19, 2009 7:04 AM (in response to drfranknfurter)Excellent, @RunAs suites my requirements perfectly.
Thank you very much. -
3. Re: Calling protected ejb method from anoter
drfranknfurter Feb 20, 2009 2:33 AM (in response to drfranknfurter)It seems I spoke a bit hastily.
Although initial tests indicated that this should work, I can't get it to work. I think I misunderstood.
Here is my scenario:
Web tier calls EJB1 method which is protected. The user has the required role and all is well. EJB1 calls EJB2 which requires a different role. So I annotated EJB1 with @RunAs specifying the role required by EJB2.
Unfortunately @RunAs only allows 1 role. This is not sufficient if EJB1 calls various other EJBs protected with various roles. What I tried to do to get around this was create a role, not ever assigned to a user, for this purpose specifically.
@RunAs would always use this role and methods that are called from the Web tier AND the EJB tier gets this role added to its @RolesAllowed (in addition to the existing role required).
Sounded like a good idea at the time... except for that it does not work.
Even if the user has the original role required for the method call it fails. Which makes sense since the only role used to call the EJB is now the one specified with @RunAs, what I don't get is why is it not matching? I have the @RunAs role added to the @RolesAllowed? -
4. Re: Calling protected ejb method from anoter
wolfgangknauf Feb 20, 2009 7:56 AM (in response to drfranknfurter)This sounds strange. Did you try to assign this role to a user? Can you call your EJB methods with this user?
Could you post the relevant code snippets and the error message?
Best regards
Wolfgang -
5. Re: Calling protected ejb method from anoter
drfranknfurter Mar 13, 2009 9:15 AM (in response to drfranknfurter)K, I am an idiot. Messed up the test. Our current project is required to run on both JBoss and Glassfish. It works as advertised on JBoss, Glassfish on the other hand ignores it like a traffic sign.
Thanks again for your help. -
6. Re: Calling protected ejb method from anoter
wolfgangknauf Mar 13, 2009 11:35 AM (in response to drfranknfurter)Nobody is perfect ;-).