1 Reply Latest reply on Apr 7, 2008 4:23 PM by Rafael Ruppel

    How to use the RunAs annotation?

    Rafael Ruppel Newbie

      Hi all,

      I have an application that already use the security system.

      Now, I want to create a webservice ("Caller") that will inject and call the methods from another EJB ("Executor").

      This is how I designed:

      
      @Stateless
      @SecurityDomain("myDomain")
      @RolesAllowed("ADMIN")
      class Executor implements IExecutor {
      
      void doSomething(){
      
      // execute here
      }
      
      }
      
      
      
      @WebService
      @Stateless
      @SecurityDomain("myDomain")
      @RunAs("ADMIN")
      class Caller{
      
      
      @EJB private IExecutor executor;
      
      @WebMethod
      void call(){
      executor.doSomething();
      }
      
      
      }
      
      



      but when I try to acess the webmethod it gives an Exception "Authentication failure"


      I am using a DatabaseServerLoginModule at login-config.xml

      and it is already working if I do this:

      Properties props = new Properties();
      props.put(Context.SECURITY_PRINCIPAL, login);
      props.put(Context.SECURITY_CREDENTIALS, pass);
      props.put(Context.INITIAL_CONTEXT_FACTORY, "org.jboss.security.jndi.JndiLoginInitialContextFactory");
      this.ic = new InitialContext(props);

      ic.lookup(beanName);


      how can I access the Executor security bean trhough a webservice?

      i appreciate any help

      thanks,
      Rafael





        • 1. Re: How to use the RunAs annotation?
          Rafael Ruppel Newbie

          ok,

          I could make it working just adding a jboss.xml with this content:

          <jboss>
           <unauthenticated-principal>anonymous</unauthenticated-principal>
          </jboss>
          



          I thought that this could mean that it wont have any security at all, but I removed the @RunAs annotation and it stopped working...

          so I think that my app is still safe, and for some strange reason, I really have to put this xml to the RunAs work properly

          I will study the documentation to discover if this behavior is expected, and I will also look for an annotation to avoid the jboss.xml file

          I found a topic with the same prob, I will update it here: http://www.jboss.com/index.html?module=bb&op=viewtopic&t=72797