3 Replies Latest reply on May 7, 2002 12:43 PM by Luke Taylor

    run-as, isCallerInRole() and all EJB Roles

    dirk.haase Newbie

      Hi,

      1.)
      in my tests, I had BeanA with <run-as>TestRole</run-as> and it called BeanB. In BeanB I checked isCallerInRole("TestRole") and it returns false. Is this intended?

      2.)
      is there a (proprietary) way to get all EJBRoles for the logged-in principal?

      thanks for any comments,
      Jex

        • 1. Re: run-as, isCallerInRole() and all EJB Roles
          Chris Gerrard Newbie

          I'm also trying to find a way to programmatically retrieve the current User's roles, and think Eddie Chan is also trying to do so.
          My case is (I think) similar to yours - I have custom "security policies" associated with individual application objects and need to determine at runtime what access the User has to the object based upon the correlation of the User's set of roles and the roles and access privileges in the "security policy".
          So far the only solution I've been able to come up with is to use EJBContext's geCallerPrincipal() and isCallerInRole() methods to perform some coarse iterative comparisons; this isn't really very satisfying and I'd very much like to find a solution that enables me to obtain the full set of roles for the User in one operation so I can use them as I need to.
          And just to be greedy, I'd like to be able to get access to the javax.security.auth.Subject that is presumably known to JBoss.
          I'm investigating the possibility of hooking into the seecurity interceptor(s), but as of now don't know if or how this might work, or even if I'm barking up the wrong tree.

          • 2. Re: run-as, isCallerInRole() and all EJB Roles
            Chris Gerrard Newbie

            There's a post by basil @http://jboss.org/forums/thread.jsp?forum=49&thread=12162&message=3513126#35131 26
            that describes how to get the current Subject from JBoss.
            I've used this code in a SLSB and it's worked OK so far.

            • 3. Re: run-as, isCallerInRole() and all EJB Roles
              Luke Taylor Novice

              > And just to be greedy, I'd like to be able to get access to
              > the javax.security.auth.Subject that is presumably known to > JBoss.
              > I'm investigating the possibility of hooking into the
              > security interceptor(s), but as of now don't know if or
              > how this might work, or even if I'm barking up the wrong
              > tree.

              Have a look at the following Javaworld article (and example code) which explains how to use JBoss security proxies (which are linked into the security interceptor) and also how to access the current subject.

              http://www.javaworld.com/javaworld/jw-02-2002/jw-0215-ejbsecurity_p.html