users@glassfish.java.net

RE: RunAs on servlet being ignored

From: Shevland, Joe <joe.shevland_at_capgemini.com>
Date: Thu, 26 Apr 2007 10:44:15 +1000

> > Thanks Bobby - the web security constraint was really just to test
> > that I could authenticate as one of the users in the new realm (which
> > works as expected), whereas the intent of the RunAs annotation in the
> > InitServlet is to run as a 'system role' when the EAR is started to
> > initialize some services using an EJB call (which I don't want anyone
> > else to be calling interactively), so I'd prefer no user interaction
> > there...
>
> Ok, in that case you can simplify further, though maybe you
> started with a simple case and added the rest just to
> manually log into the server to test. I tried a small test
> and @RunAs is working fine for me. I can send the full
> example to you if you'd like, but this is everything related
> to the security part:
[snip]
>
> And that's the only places that "ejbuser" is referenced in
> the example.
> Maybe you can see what is different in your case from this
> one. From the use case you're describing, I'm thinking now
> that you're trying to call the bean method in the servlet
> init() method rather than in one of the service methods. Is
> that correct? If so, I'm not sure whether or not RunAs is
> supposed to work during init(). I'd have to look that up.

OK, thanks very much Bobby, that all makes sense and you're quite right:
I am calling the EJB from the init() method, so that might be where I'm
falling down (I had a vague feeling that this might be what's going on, but
then I think I tried a few GETs/POSTs on the servlet in question and the
principal I'd logged in with was used, not the run-as one, so I'll clean
things up and retry with that in mind).

It'd be nice if init() did obey the 'run-as' contract for this type of
initialisation call to the EJB layer, as moving the logic to a service
method will mean some kind of user interaction. I'll clean up and retry
though. I still think it's kind of (ab)using the servlet for a purpose
it's not really meant for, initializing the EJBs - I'd love a
'ContainerContextListener' type setup for the EJB-tier initialization,
or even to have the web context listener obey the run-as annotation.
Again, I'm not really sure if the spec says anything about web context
listeners and run-as; I'll have a squiz.

Cheers
Joe
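For readers following the thread, the shape of the set-up being discussed (a servlet carrying @RunAs that calls an EJB whose method is restricted to that role), written out as an added example. This is not Bobby's snipped example or Joe's code; the class, interface, role and method names are assumed, the role name "ejbuser" is taken from the thread, and the startup-singleton variant at the end is the EJB 3.1 (Java EE 6) facility that did not exist when the thread was written, included only to show where EJB-tier initialisation without a servlet later landed.

```java
// ---- File: ServiceInitLocal.java (hypothetical business interface) ----
package example.init;

import javax.ejb.Local;

@Local
public interface ServiceInitLocal {
    String initialize();
}

// ---- File: ServiceInitBean.java (hypothetical EJB) ----
package example.init;

import javax.annotation.Resource;
import javax.annotation.security.DeclareRoles;
import javax.annotation.security.RolesAllowed;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;

// Only callers whose effective identity is in the "ejbuser" role may invoke
// initialize(); an interactive user who is not in that role gets an
// EJBAccessException from the container before the method body runs.
@Stateless
@DeclareRoles("ejbuser")
public class ServiceInitBean implements ServiceInitLocal {

    @Resource
    private SessionContext ctx;

    @RolesAllowed("ejbuser")
    public String initialize() {
        // Reports which principal the EJB container actually saw, which is the
        // quickest way to check whether run-as was applied on the way in.
        return "initialised as " + ctx.getCallerPrincipal().getName();
    }
}

// ---- File: InitServlet.java (hypothetical servlet) ----
package example.init;

import java.io.IOException;
import javax.annotation.security.DeclareRoles;
import javax.annotation.security.RunAs;
import javax.ejb.EJB;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// @RunAs replaces the caller's identity with the "ejbuser" role for calls
// this servlet makes into the EJB tier. The role still has to be mapped to a
// real principal in the deployment descriptor (for GlassFish, a
// security-role-mapping entry in sun-web.xml / sun-ejb-jar.xml; assumption).
@RunAs("ejbuser")
@DeclareRoles("ejbuser")
public class InitServlet extends HttpServlet {

    @EJB
    private ServiceInitLocal service;

    @Override
    public void init() throws ServletException {
        // This is the call under discussion in the thread: whether the run-as
        // identity is in effect during init() is exactly the open question,
        // so nothing here should be relied on until that is confirmed.
    }

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        // The case Bobby reported as working: the EJB call made from a service
        // method, where run-as is documented to apply.
        resp.setContentType("text/plain");
        resp.getWriter().println(service.initialize());
    }
}

// ---- File: StartupInitBean.java (EJB 3.1 variant, added for comparison) ----
package example.init;

import javax.annotation.PostConstruct;
import javax.annotation.security.RunAs;
import javax.ejb.EJB;
import javax.ejb.Singleton;
import javax.ejb.Startup;

// A startup singleton runs its @PostConstruct when the application starts,
// which is the "container context listener for the EJB tier" Joe asks for,
// and its own @RunAs supplies the identity for the outbound call.
@Singleton
@Startup
@RunAs("ejbuser")
public class StartupInitBean {

    @EJB
    private ServiceInitLocal service;

    @PostConstruct
    void initAtStartup() {
        service.initialize();
    }
}
```

To tell the two identities apart while testing, hit the servlet once with an interactive login and compare the principal name it prints against the one you mapped to "ejbuser"; if the logged-in name comes back, run-as was not applied for that call path. Note that the run-as role must be declared (@DeclareRoles or security-role in web.xml) and mapped to a principal in the realm, otherwise the container has no identity to substitute and the EJB's @RolesAllowed check will still fail.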
