0 Replies Latest reply on Sep 9, 2013 10:02 PM by Brian Wallis

    MDBs , @RunAs and multiple roles

    Brian Wallis Master

      Is it possible to configure an MDB so that when it calls a session bean, there are two (or more) roles associated with the session context.


      The reason for this is that I have a bunch of session beans that are called directly or indirectly from a message driven bean's onMessage() function. These session beans have methods that are annotated with one of three roles, @RolesAllowed("readonly"), @RolesAllowed("readwrite") or @RolesAllowed("admin").


      These annotations work fine for user interactions as the users (when they login) have a set of roles that is either ["readonly"], ["readonly","readwrite"] or ["readonly","readwrite","admin"].


      What I need with my MDB is to have two roles in the session context when the session bean is called, ["readonly","readwrite"].


      Yes, I could go and change all of the @RolesAllowed() annotations so that

      1. @RolesAllowed("readonly") becomes @RolesAllowed({"readonly","readwrite","admin"})
      2. @RolesAllowed("readwrite") becomes @RolesAllowed({"readwrite","admin"})
      3. @RolesAllowed("admin") stays as it is.

      but this doesn't help where I have calls to isCallerInRole(). Where I use something like


      I would need instead

      if(ctx.isCallerInRole("readonly) || ctx.isCallerInRole("readwrite") || ctx.isCallerInRole("admin"))

      to get the required behaviour.


      but that seems a bit clumsy to me. So, is there a way to assert more than one role for the outgoing bean calls from the MDB?