2 Replies Latest reply on Feb 6, 2003 4:39 PM by Peter Doornbosch

    Subject.doAs with Servlet

    Jose Luiz Newbie

      I need to execute a method of a facade as other user.

      I have (I´m using Apache Cactus):

      public void beginPermissao(WebRequest theRequest)
      {
      theRequest.setAuthentication(new BasicAuthentication("teste", "123"));
      }

      protected void setUp() throws Exception
      {
      this.rootLoginContext = new LoginContext("PILoginModule", new TesteCallbackHandler("root", "123"));
      this.permissaoPastaHome = PermissaoPastaHome.getInstance();
      this.usuarioHome = UsuarioHome.getInstance();
      this.usuarioTeste = this.usuarioHome.getUsuario();
      this.pastaHome = PastaHome.getInstance();
      rootLoginContext.login();
      this.pastaTeste = (Pasta) Subject.doAsPrivileged(rootLoginContext.getSubject(), new java.security.PrivilegedExceptionAction()
      {
      public Object run() throws Exception
      {
      Pasta p = pastaHome.criar("Pasta Root de Testes", pastaHome.getPastaPublica());


      Permissao perm = new Permissao();
      perm.setControleTotal(true);
      perm.setCopiar(true);
      perm.setCriarFilho(true);
      perm.setEditar(true);
      perm.setExecutar(true);
      perm.setMover(true);
      perm.setRemover(true);
      permissaoPastaHome.setPermissao(p, usuarioTeste, perm);
      return p;
      }
      }, null);
      }


      public void testPermissao() throws Exception
      {
      assertEquals("Pasta Root de Testes", this.pastaTeste.getNome());
      }


      When a execute I got:
      java.security.PrivilegedActionException: java.rmi.ServerException: EJBException:; nested exception is:
      javax.ejb.EJBException: checkSecurityAssociation; CausedByException is:
      Insufficient method permissions, principal=teste, method=setPermissao, interface=REMOTE, requiredRoles=[admin], principalRoles=[usuario]

      What wrong I´m doing? Please Help me!

        • 1. Re: Subject.doAs with Servlet
          Jose Luiz Newbie

          Please. Anybody help me!

          • 2. Re: Subject.doAs with Servlet
            Peter Doornbosch Apprentice

            What you're doing wrong? The user that is calling the EJB method is in the 'usuario' role and the EJB allows only users in the 'admin' role to call it. That's what the exception tells me.

            It could be that the reason that you don't get so much response, is that it is a little hard to understand what you are doing - at least for me it is.

            I don't know that cactus stuff, but i think your problem is not in cactus, is it? Why not write a simple testcase, e.g. using a standard servlet? It might help you find the bug, because it's a simple example, or you can post it here so we can really help you.
            Oh, and btw: the fact that the code is in spanish (i guess ;-)) doesn't make it much more clear

            Cheers,
            Peter.