Using @RunAs
lhoriman Dec 12, 2005 8:14 PMI would like to have an unsecured SLSB EJB call a secured SLSB EJB using the @RunAs tag. ie:
Client -> UnsecuredBean -> SecuredBean
I expect this to be possible because I have my own login config and the "unauthenticatedIdentity" set to a real value. However, I'm getting a NPE from the RunAsSecurityInterceptor.
My beans:
@Stateless
@SecurityDomain("myDomain")
@RunAs("god")
public class UnsecuredEJB ...
and:
@Stateless
@SecurityDomain("myDomain")
@RolesAllowed({"god"})
public class SecuredEJB ...
The resulting stack trace:
java.lang.NullPointerException org.jboss.ejb3.security.RunAsSecurityInterceptor.getRunAsIdentity(RunAsSecurityInterceptor.java:54) org.jboss.aspects.security.RunAsSecurityInterceptor.invoke(RunAsSecurityInterceptor.java:53) org.jboss.ejb3.security.RunAsSecurityInterceptor.invoke(RunAsSecurityInterceptor.java:67) org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:98) org.jboss.aspects.security.RoleBasedAuthorizationInterceptor.invoke(RoleBasedAuthorizationInterceptor.java:151) org.jboss.ejb3.security.RoleBasedAuthorizationInterceptor.invoke(RoleBasedAuthorizationInterceptor.java:85) org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:98) org.jboss.aspects.security.AuthenticationInterceptor.invoke(AuthenticationInterceptor.java:63) org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:98) org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:32) org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:98) org.jboss.ejb3.asynchronous.AsynchronousInterceptor.invoke(AsynchronousInterceptor.java:91) org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:98) org.jboss.ejb3.stateless.StatelessContainer.localInvoke(StatelessContainer.java:148) org.jboss.ejb3.stateless.StatelessLocalProxy.invoke(StatelessLocalProxy.java:60) $Proxy388.createPerson(Unknown Source) [my UnsecuredEJB] com.mydomain.web.action.ConfirmSignup.execute(ConfirmSignup.java:47) [the client]
Shouldn't this work? @RunAs seems to work fine when calling from an authenticated bean.
Thanks,
Jeff Schnitzer