Hi,
I'm a little bit confused about the whole security mechanism in Glassfish. My application uses role based authorization. Let's assume I defined three roles ('A' 'B' and 'C') and one of my session beans is annotated with RolesAllowed({"A", "B"}) annotation - this means that a principal (application's user) must be granted roles A and B to invoke this bean's methods. It's all clear and simple. Problem is I need to run these methods from another session bean which may be invoked by anonymous user. As I understand this is what the RunAs annotation is for. So my question is why I can define only one role name in the RunAs annotation? And another question - is there any way to configure a session bean to behave as if it was called by a principal with two or more roles?
Thanks,
Olaf Tomczak
[Message sent by forum member 'olafos' (olafos)]
http://forums.java.net/jive/thread.jspa?messageID=291786