users@glassfish.java.net

Re: Correct usage of AccessController.doPrivileged

From: <glassfish_at_javadesktop.org>
Date: Tue, 17 Feb 2009 02:39:57 PST

> Hi
>
> I am having problems getting
> AccessController.doPrivileged to work correctly, or
> at least how I think it should work.
>
> From what I understand it is useful to execute a
> method that is protected by @RolesAllowed even if the
> user does not have that role? Eg. Ejb1.methodA
> executes Ejb2.methodB, but methodB is protected with
> a role which the calling user might not have. In the
> context of methodA it is ok for him to have access to
> it. Am I correct in my understanding?
>

Calling Ejb2.methodB using AccessController.doPrivileged from Ejb1.methodA cannot ensure that the call would have the required role. Did you see this documented somewhere?

> My Glassfish configuration is as follows:
> * Default Principal To Role Mapping is enabled. Thus
> no roles are defined in xml.

Activating default P2R would do the job of mapping the same named group to the same named role.

So the roles would still need to be defined either by annotations or in XML.

> * Mapped Principal Class is not specified.

This is ok as long as there is only one principal that is in the role in question.

Thx.


> * Security Manager is disabled.
>
> If the user has the roles it executes fine. So I
> think I am on the right track with the security
> configuration and implementation.
>
> When I remove the role from the user and try to
> execute the method using
> AccessController.doPrivileged(PrivilegedAction) I get
> the following security exception:
>
> javax.ejb.AccessLocalException: Client not authorized for this invocation.
>   at com.sun.ejb.containers.BaseContainer.preInvoke(BaseContainer.java:1218)
>   at com.sun.ejb.containers.EJBLocalObjectInvocationHandler.invoke(EJBLocalObjectInvocationHandler.java:195)
>   at com.sun.ejb.containers.EJBLocalObjectInvocationHandlerDelegate.invoke(EJBLocalObjectInvocationHandlerDelegate.java:83)
>
> Any help will be appreciated.
[Message sent by forum member 'kumarjayanti' (kumarjayanti)]

http://forums.java.net/jive/thread.jspa?messageID=332198
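Added example (not code from the thread or from GlassFish): the two session beans the question describes, written out so the reason for the AccessLocalException is visible, plus a variant using the EJB specification's @RunAs annotation, which is the container-level mechanism for letting a bean invoke a role-protected method regardless of the caller's own roles. The bean names, role names and package are assumed for illustration; each public class belongs in its own source file.

```java
// Added example, not from the original thread. Package, bean and role names
// are assumed. Java EE 5 / javax.* namespace, as used by GlassFish v2.
package example;

import java.security.AccessController;
import java.security.PrivilegedAction;

import javax.annotation.security.DeclareRoles;
import javax.annotation.security.RolesAllowed;
import javax.annotation.security.RunAs;
import javax.ejb.EJB;
import javax.ejb.Stateless;

/** Ejb2.methodB is restricted to callers in the "admin" role. */
@Stateless
public class Ejb2 {
    @RolesAllowed("admin")
    public String methodB() {
        return "methodB ran";
    }
}

/**
 * Ejb1 as in the question. The caller is in "user" but not "admin", and
 * methodA wraps the call to methodB in doPrivileged.
 */
@Stateless
@DeclareRoles({"user", "admin"})   // roles must still be declared (annotation or XML)
public class Ejb1 {
    @EJB
    private Ejb2 ejb2;

    @RolesAllowed("user")
    public String methodA() {
        // The container authorizes in BaseContainer.preInvoke by checking the
        // roles of the *caller principal*. doPrivileged only marks this stack
        // frame as privileged for Java 2 permission checks (SecurityManager
        // policy); it does not change the caller principal or its roles.
        // Result: javax.ejb.AccessLocalException: Client not authorized for
        // this invocation, exactly as in the stack trace above.
        return AccessController.doPrivileged(new PrivilegedAction<String>() {
            public String run() {
                return ejb2.methodB();
            }
        });
    }
}

/**
 * The EJB-spec way to do what the question wants: declare a run-as role on
 * the calling bean. Outbound calls from Ejb1WithRunAs are then made with the
 * "admin" security identity, so methodB's @RolesAllowed("admin") passes even
 * though the original caller only has "user". The check on methodA itself
 * still applies to the original caller.
 */
@Stateless
@RunAs("admin")
@DeclareRoles({"user", "admin"})
public class Ejb1WithRunAs {
    @EJB
    private Ejb2 ejb2;

    @RolesAllowed("user")
    public String methodA() {
        // No doPrivileged needed: the container supplies the run-as identity.
        return ejb2.methodB();
    }
}
```

Two caveats. First, @RunAs widens what any caller of methodA can reach, so every method on the run-as bean should be reviewed as if it ran as "admin"; keep the run-as bean small and its entry points tightly restricted. Second, how the run-as role is mapped to a concrete principal is a GlassFish deployment-descriptor detail (the run-as element in sun-ejb-jar.xml) that the thread does not cover.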