3 Replies Latest reply on Nov 30, 2010 4:59 PM by Gerry Smith

    AS4, AS5 and run-as

    Gerry Smith Newbie

      A guest (unauthenticated entity) accesses an unchecked session bean (SB1) which has runas=myrole.

      SB1 calls another session bean SB2 which requires myrole.

      SB2 calls a method on an entity bean which also requires myrole.

       

      In AS 4, this works.

      In AS 5.1, this throws a security exception because SB2 is not running as myrole.

      I think AS 5.0 did the same when tested some time ago.

       

      Is this a bug or intended?

      Is there a workaround?

       

      In AS 6, does the runas role propagate through the calls as in AS 4, or not as in AS 5.1?

       

      Many thanks,

       

      Gerry