Hi
I am having problems getting AccessController.doPrivileged to work correctly, or at least how I think it should work.
From what I understand, it is useful to execute a method that is protected by @RolesAllowed even if the user does not have that role? E.g. Ejb1.methodA executes Ejb2.methodB, but methodB is protected with a role which the calling user might not have. In the context of methodA it is OK for him to have access to it. Am I correct in my understanding?
My Glassfish configuration is as follows:
* Default Principal To Role Mapping is enabled. Thus no roles are defined in xml.
* Mapped Principal Class is not specified.
* Security Manager is disabled.
If the user has the roles, it executes fine. So I think I am on the right track with the security configuration and implementation.
When I remove the role from the user and try to execute the method using AccessController.doPrivileged(PrivilegedAction) I get the following security exception:
javax.ejb.AccessLocalException: Client not authorized for this invocation.
    at com.sun.ejb.containers.BaseContainer.preInvoke(BaseContainer.java:1218)
    at com.sun.ejb.containers.EJBLocalObjectInvocationHandler.invoke(EJBLocalObjectInvocationHandler.java:195)
    at com.sun.ejb.containers.EJBLocalObjectInvocationHandlerDelegate.invoke(EJBLocalObjectInvocationHandlerDelegate.java:83)
Any help will be appreciated.
[Message sent by forum member 'drfranknfurter' (drfranknfurter)]
http://forums.java.net/jive/thread.jspa?messageID=332184