users@glassfish.java.net

Security Identity Propagation for Servlet with @RunAs

From: <forums_at_java.net>
Date: Wed, 16 Mar 2011 07:32:02 -0500 (CDT)

On Glassfish 3.1 b43.

I have two applications, an EAR with EJB modules, and a separate WAR
module.

When setting up security, both the EAR and the WAR use the same realm. 
Authenticated User subjects are propagated from the WAR to the EAR as
expected.  In an EJB, I can access the caller principal and check is caller
in role.

Now I am trying to write some system code for startup in the WAR.  I write
a Servlet and annotate it with @RunAs("System") with hopes the code in the
init() method will propagate as a System Role to the EJBs.  I would think
all I would have to do is declare the security role in the web.xml, and
declare a mapping to a group in the sun specific, so I put in web.xml:

<security-role>
        <description/>
        <role-name>System</role-name>
</security-role>

and add to sun-web.xml:

<security-role-mapping>
        <role-name>System</role-name>
        <principal-name>systemuser</principal-name>
</security-role-mapping>
<servlet>
        <servlet-name>StartupServlet</servlet-name>
        <principal-name>systemuser</principal-name>
</servlet>

as explained here
http://java.sun.com/developer/technicalArticles/J2EE/security_annotation/

This deploys, but does not propagate the identity I configured here.  It
propagates ANONYMOUS.

*Are there other glassfish configs I need to make this work?*

I've tried adding the System group and systemuser to the database, but that
did nothing.


--
[Message sent by forum member 'joelstewart']
View Post: http://forums.java.net/node/782089
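
Added example, not part of the original post: a small cross-check that the role declared in web.xml, its mapping in sun-web.xml, and the servlet's run-as principal agree with each other. The two fragments from the post are wrapped in their `<web-app>` and `<sun-web-app>` root elements as constructed input; the function name and the rule that the run-as principal should appear in the role's mapping are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Constructed input: the post's two fragments wrapped in their root elements.
WEB_XML = """<web-app>
  <security-role>
    <description/>
    <role-name>System</role-name>
  </security-role>
</web-app>"""

SUN_WEB_XML = """<sun-web-app>
  <security-role-mapping>
    <role-name>System</role-name>
    <principal-name>systemuser</principal-name>
  </security-role-mapping>
  <servlet>
    <servlet-name>StartupServlet</servlet-name>
    <principal-name>systemuser</principal-name>
  </servlet>
</sun-web-app>"""

def _kids(elem, name):
    # Match on the local name so a namespaced web.xml is handled too.
    return [c for c in elem if c.tag.rsplit("}", 1)[-1] == name]

def _text(elem, name):
    found = _kids(elem, name)
    return (found[0].text or "").strip() if found else ""

def check_run_as(web_xml, sun_web_xml, servlet, role):
    """Return a list of inconsistencies; an empty list means the descriptors agree."""
    web, sun = ET.fromstring(web_xml), ET.fromstring(sun_web_xml)
    problems = []
    if role not in {_text(r, "role-name") for r in _kids(web, "security-role")}:
        problems.append(f"role {role!r} is not declared in web.xml")
    principals = {(p.text or "").strip()
                  for m in _kids(sun, "security-role-mapping")
                  if _text(m, "role-name") == role
                  for p in _kids(m, "principal-name")}
    if not principals:
        problems.append(f"role {role!r} has no principal-name mapping in sun-web.xml")
    run_as = [_text(s, "principal-name") for s in _kids(sun, "servlet")
              if _text(s, "servlet-name") == servlet]
    if not run_as or not run_as[0]:
        problems.append(f"servlet {servlet!r} has no run-as principal in sun-web.xml")
    elif run_as[0] not in principals:
        problems.append(f"run-as principal {run_as[0]!r} is not mapped to role {role!r}")
    return problems
```

Calling `check_run_as(WEB_XML, SUN_WEB_XML, "StartupServlet", "System")` on the descriptors as posted returns an empty list.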