0 Replies Latest reply on Nov 16, 2006 4:12 AM by Scott McNab

    @RunAsPrincipal annotation missing from EJB 3.0 spec?

    Scott McNab Newbie

      I could be wrong, but it seems to me that the EJB 3.0 security annotations are missing the ability to force an EJB to run using more than one security role. The @RunAs annotation assigns a SINGLE role to the methods called by a bean, but what do we do when we want to give a bean MULTIPLE security roles?

      For example, consider the case where we have an MDB processing incoming JMS messages. We want this bean to be able to call other EJBs, and these beans may each have their own security role requirements.

      Assume we have 3 levels of security: User, Supervisor, Admin. In addition to these roles, we want 'Supervisor' level users to also have access to general 'User' privilege methods, and 'Admin' users to have access to all roles.

      If we use @RunAs("Supervisor") on our MDB, then it cannot access other beans with methods marked as @RolesAllowed({"User"}), as we cannot specify multiple @RunAs annotations on the one class!


      Now, according to this page:

      http://wiki.jboss.org/wiki/Wiki.jsp?page=RunAsIdentityCreation

      we can simulate this behavior using the XML deployment descriptor to assign multiple roles to Principals, like this:

      <ejb-jar>
      ...
      <assembly-descriptor>
      ...
      <security-role>
      <role-name>User</role-name>
      <principal-name>user</principal-name>
      <principal-name>supervisor</principal-name>
      <principal-name>admin</principal-name>
      </security-role>
      <security-role>
      <role-name>Supervisor</role-name>
      <principal-name>supervisor</principal-name>
      <principal-name>admin</principal-name>
      </security-role>
      <security-role>
      <role-name>Admin</role-name>
      <principal-name>admin</principal-name>
      </security-role>
      </assembly-descriptor>
      </ejb-jar>


      And then marking each bean explicitly:

      <message-driven>
      ...
      <security-identity>
      <run-as-principal>supervisor</run-as-principal>
      </security-identity>
      ...
      </message-driven>


      which I would like to avoid, if possible, as I would rather keep this configuration information in EJB3 style annotations (all my other configuration up until this point is annotation-only).


      Am I right in coming to these conclusions? If so, it would seem that:

      1. @RunAs should be renamed to @RunAsRole as this is more meaningful (and less confusing).
      2. A new annotation @RunAsPrincipal should be added so we can access this behavior.

      or, alternatively, a third solution exists:

      3. @RunAs could be extended to support multiple rules - e.g. @RunAsRoles({"User","Supervisor"})


      What do you guys think?