1 Reply Latest reply on Apr 7, 2008 4:23 PM by rruppel

How to use the RunAs annotation?

rruppel Apr 7, 2008 12:54 PM

Hi all,

I have an application that already use the security system.

Now, I want to create a webservice ("Caller") that will inject and call the methods from another EJB ("Executor").

This is how I designed:


@Stateless
@SecurityDomain("myDomain")
@RolesAllowed("ADMIN")
class Executor implements IExecutor {

void doSomething(){

// execute here
}

}



@WebService
@Stateless
@SecurityDomain("myDomain")
@RunAs("ADMIN")
class Caller{


@EJB private IExecutor executor;

@WebMethod
void call(){
executor.doSomething();
}


}

but when I try to acess the webmethod it gives an Exception "Authentication failure"

I am using a DatabaseServerLoginModule at login-config.xml

and it is already working if I do this:

Properties props = new Properties();
props.put(Context.SECURITY_PRINCIPAL, login);
props.put(Context.SECURITY_CREDENTIALS, pass);
props.put(Context.INITIAL_CONTEXT_FACTORY, "org.jboss.security.jndi.JndiLoginInitialContextFactory");
this.ic = new InitialContext(props);

ic.lookup(beanName);

how can I access the Executor security bean trhough a webservice?

i appreciate any help

thanks,
Rafael

1. Re: How to use the RunAs annotation?

rruppel Apr 7, 2008 4:23 PM (in response to rruppel)
ok,

I could make it working just adding a jboss.xml with this content:

<jboss> <unauthenticated-principal>anonymous</unauthenticated-principal> </jboss>

I thought that this could mean that it wont have any security at all, but I removed the @RunAs annotation and it stopped working...

so I think that my app is still safe, and for some strange reason, I really have to put this xml to the RunAs work properly

I will study the documentation to discover if this behavior is expected, and I will also look for an annotation to avoid the jboss.xml file

I found a topic with the same prob, I will update it here: http://www.jboss.com/index.html?module=bb&op=viewtopic&t=72797
Actions