glassfish_at_javadesktop.org wrote:
>Hi,
>Could you tell me what is the purpose of Default Principal and Default Principal Password in glassfish?
>
>My example is as follows:
>Default Principal is set to USER and Default Principal Password to USERPASS on Configuration->Security Page.
>
>Selected methods of EJBs are secured with @RolesAllowed("USERROLE")
>USER principal is mapped to USERROLE in sun-ejb deployment descriptor.
>
>Most of Web tier calls to EJB are anonymous.
>I thought that I could invoke secured method of EJBs with Default Principal provided in application server configuration. But I cannot. I get AccessLocalException.
>I can read user principal name from SessionContext (in unsecured ejb method). It is set properly to USER. When I check that principal against application role using isCallerInRole("USERROLE") I get false.(?)
>
>So, I have configured web tier to use FORM authentication with JDBC realm. When I log in as USER with USERPASS, ejb secured methods are called properly and isCallerInRole returns true.
>
>Web tier and ejbs are deployed as Enterprise Application and methods are invoked through local interfaces.
>
>What am I doing wrong?
>
>
I just tried a sample based on what you described and it worked for me.
Here is what I do:
The Web Tier:
----------------
My Servlet has a RunAs and it invokes an EJB on the Local Interface.
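    import javax.annotation.security.RunAs;
    import javax.ejb.EJB;
    import javax.servlet.http.HttpServlet;

    @RunAs("internal")
    public class TestServlet extends HttpServlet {
        @EJB
        private InternalBeanLocal internalBeanBean;
        ...
    }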
The Servlet uses BASIC Auth with a security constraint on /*.
In sun-web.xml I specified the Default Principal for the servlet RunAs:
    <servlet>
        <servlet-name>TestServlet</servlet-name>
        <principal-name>internalprincipal</principal-name>
    </servlet>
EJB
----------
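    import javax.annotation.security.DeclareRoles;
    import javax.annotation.security.RolesAllowed;
    import javax.ejb.Stateless;

    @Stateless
    @DeclareRoles("internal")
    public class InternalBeanBean implements InternalBeanLocal {
        // Only callers mapped to the "internal" role may invoke this method.
        @RolesAllowed("internal")
        public void businessMethod() {
            System.out.println("Hello....: Calling Business Method of Internal Bean");
        }
    }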
sun-ejb-jar.xml :
----------------
    <security-role-mapping>
        <role-name>internal</role-name>
        <principal-name>internalprincipal</principal-name>
    </security-role-mapping>
This maps internalprincipal to the internal role.
And so the Servlet is able to invoke the secure EJB via the Local Interface
using the default principal.
Thanks.
>--
>Best regards,
>Marcin Kwapisz
>[Message sent by forum member 'mkwapisz' (mkwapisz)]
>
>http://forums.java.net/jive/thread.jspa?messageID=249586
>
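
Added example, not part of either message above: a diagnostic bean and servlet for checking which identity the container actually propagates from a @RunAs servlet to a local EJB, and whether that identity is mapped to the "internal" role, before relying on @RolesAllowed. The names WhoAmILocal, WhoAmIBean and WhoAmIServlet are hypothetical; the example assumes the servlet is mapped in web.xml and that the sun-web.xml and sun-ejb-jar.xml entries from the reply are repeated for these names.

```java
// Added example with hypothetical names; three source files shown together.

// ---- WhoAmILocal.java
import javax.ejb.Local;

@Local
public interface WhoAmILocal {
    String describeCaller();
}

// ---- WhoAmIBean.java
import javax.annotation.Resource;
import javax.annotation.security.DeclareRoles;
import javax.annotation.security.PermitAll;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;

@Stateless
@DeclareRoles("internal")   // declares the role name referenced by isCallerInRole
public class WhoAmIBean implements WhoAmILocal {
    @Resource
    private SessionContext ctx;

    @PermitAll              // left unsecured so the check itself is never denied
    public String describeCaller() {
        return "ejb principal=" + ctx.getCallerPrincipal().getName()
             + ", isCallerInRole(internal)=" + ctx.isCallerInRole("internal");
    }
}

// ---- WhoAmIServlet.java
import java.io.IOException;
import javax.annotation.security.RunAs;
import javax.ejb.EJB;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

@RunAs("internal")
public class WhoAmIServlet extends HttpServlet {
    @EJB
    private WhoAmILocal whoAmI;

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        resp.setContentType("text/plain");
        // Web-tier identity: the user who passed the servlet's own authentication.
        resp.getWriter().println("web principal=" + req.getUserPrincipal());
        // EJB-tier identity: the principal the container propagated for the run-as role.
        resp.getWriter().println(whoAmI.describeCaller());
    }
}
```

If the EJB line reports false for the role check, the principal-to-role mapping in the descriptors is the place to look; remove the diagnostic servlet once the mapping is confirmed.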