6 Replies Latest reply on Sep 19, 2014 10:03 AM by marcelomrwin

Using @RunAs annotation on JBoss AS 7.2

ajcmartins Mar 1, 2013 7:19 AM

Hello we have been using security annotations like @RunAs("private") on our service layer together with @RolesAllowed("private") on DAOs to ensure that only those services were allowed to invoke the respective DAOs.

Meanwhile we migrated to JBoss AS 7.2 ( currently pre-release) and we are no longer able to use use the services that are annotated with @RunAs("private").

ERROR [org.jboss.as.ejb3.invocation] (pool-3-thread-1) JBAS014134: EJB Invocation failed on component TestServiceBean for method public void com.present.TestServiceBean.testMethod(): javax.ejb.EJBAccessException: JBAS014502: Invocation on m
od: public void com.present.TestServiceBean.testMethod() of bean: TestServiceBean is not allowed

Any hint on what has changed since 7.1.1 Final and on how can we fix it?

1. Re: Using @RunAs annotation on JBoss AS 7.2

nickarls Mar 1, 2013 7:32 AM (in response to ajcmartins)

Haven't used that but noticed that there is a chapter in https://docs.jboss.org/author/display/AS72/Securing+EJBs which is new since 7.1 so perhaps it provides some insight
1 of 1 people found this helpful
Actions
2. Re: Using @RunAs annotation on JBoss AS 7.2

jaikiran Mar 1, 2013 7:43 AM (in response to ajcmartins)

Can you post the relevant code including the caller EJB(?) and the bean being called?
Actions
3. Re: Using @RunAs annotation on JBoss AS 7.2

ajcmartins Mar 1, 2013 10:42 AM (in response to nickarls)

Hi Nicklas, i was indeed unaware of that chapter and it does contain relevant information that may explain what is happening. I need to make some tests and will get back to this post if it works.

Thank you for your help.
Actions
4. Re: Using @RunAs annotation on JBoss AS 7.2

ajcmartins Mar 1, 2013 10:55 AM (in response to jaikiran)

Hi jaikiran, the scenario i have at the moment is a bit convoluted because it includes a custom security valve and login module. But the chapter indicated by Nicklas may contain the reason for what is happening. I need to do some tests and if they fail i will create a more simple test case and post it here.

Thank you for your time.
Actions
5. Re: Using @RunAs annotation on JBoss AS 7.2

ajcmartins Mar 6, 2013 9:46 AM (in response to ajcmartins)

The problem was indeed related with changes on the 7.2 version and that are documented on the link provided by Nicklas. The important part on my case was:

Starting, JBoss AS 7.2.x version, such methods which have no explicit security configurations, in a secured bean, will be treated similar to a method with@DenyAll configuration. What that means is, no one is allowed access to the helloWorld method.

Every public method on a secured bean needs to have explicit security access configurations or the exception that i presented on this thread start will be thrown when you try to access them.
Actions
6. Re: Using @RunAs annotation on JBoss AS 7.2

marcelomrwin Sep 19, 2014 10:03 AM (in response to ajcmartins)

Greats! help me a lot! Thanks.
Actions

Go to original post