users@glassfish.java.net

RE: Re: _at_RunAs doesn't forward security principal?

From: Markus Karg <karg_at_quipsy.de>
Date: Thu, 10 Jul 2008 15:50:16 +0200

Side Note: We changed both Session Beans from @RolesAllowed("User") to @PermitAll, but still it says we are not authorized! VERY strange!

Anybody an idea?

Thanks
Markus

-----Original Message-----
From: glassfish_at_javadesktop.org [mailto:glassfish_at_javadesktop.org]
Sent: Donnerstag, 10. Juli 2008 15:32
To: users_at_glassfish.dev.java.net
Subject: Re: @RunAs doesn't forward security principal?

We did what you proposed:

> > | <sun-ejb-jar>|
> > | <enterprise-beans>|
> > | <ejb>|
> > | <ejb-name>HelloEjb</ejb-name>|
> > | <principal>|
> > | <name>aprincipal</name>|
> > | </principal>|
> > | </ejb>|
> > | </enterprise-beans>|
> > | </sun-ejb-jar> |

<sun-ejb-jar>
        <ejb>
                <ejb-name>ComplaintServiceBean</ejb-name>
                <principal>
                        <name>cde</name>
                </principal>
        </ejb>
        </enterprise-beans>
</sun-ejb-jar>

But still in server.log it says we're not authorized (but it prints the user 'cde' in the error message -- and that user [b]is[/b] authorized since he is in the sole defined group that is mapped upon the sole defined role -- the role needed by the called SB!):

[i](principals com.sun.enterprise.deployment.PrincipalImpl "cde")[/i]

The funny thing is, if we do not use @RunAs, and if we do not use the above sun-ejb-jar.xml, but just login to our servlet using simple BasicHttpAuthentication [b]with exactly the same principal name[/b] then it works pretty well.

So in short: Forwarding a manually Basic-Authenticated user works well, while @RunAs plus declared principal does not -- with the same user! For us that looks like a bug!

(see attached server.log!)

We're totally confused. It just seems as it completely ignores this entry in sun-ejb-jar! :-(

Please Help! :-)

Thanks
Markus
[Message sent by forum member 'mkarg' (mkarg)]

http://forums.java.net/jive/thread.jspa?messageID=285659

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
For additional commands, e-mail: users-help_at_glassfish.dev.java.net