JBoss 4.0.5GA - EJB 2.1
I'm trying to implement authentication for my EJBs. Before I even start with
LoginModules, CallbackHandlers etc., the first thing I did was amend my
ejb-jar.xml to require a role ("SomeUser") when accessing methods of my EJB
("TemplateManager"). Without changing anything on the client, I ran it again
expecting to see authentication errors since there is no authentication, but
instead the client ran fine, calling methods on the bean without any
authentication. In other words, the EJB is still completely unsecured.
<security-role>
| <role-name>SomeUser</role-name>
| </security-role>
|
| <method-permission>
| <role-name>SomeUser</role-name>
| <method>
| <ejb-name>TemplateManager</ejb-name>
| <method-name>*</method-name>
| </method>
| </method-permission>
In my ejb methods, I do:
LOG.debug("Principal: "+sessionContext.getCallerPrincipal());
| LOG.debug("isCallerInRole: "+sessionContext.isCallerInRole("SomeUser"));
which produces:
17:57:19,707 DEBUG [TemplateManagerBean] Principal: anonymous
| 17:57:19,707 DEBUG [TemplateManagerBean] isCallerInRole: false
What's wrong? Why is JBoss ignoring the method-permission stuff in ejb-jar.xml?
View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4062601#4062601
Reply to the post :
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4062601
_______________________________________________
jboss-user mailing list
[email protected]
https://lists.jboss.org/mailman/listinfo/jboss-user
