Our interpretation of the spec does not agree with yours in that you
must define a security-role-ref and link it to a security-role using a
role-link element. If you read through all of the roles' responsibilities,
ultimately the deployer has to ensure that the security-role-ref is mapped
to an environment role. JBoss requires that you make use of the ejb-jar
security-role-ref and security-role elements to define the isCallerInRole
mappings. Your login module then of course has to actually assign the
principals one or more of the security-roles defined in the ejb-jar.xml
descriptor.

----- Original Message -----
From: "Michael Jara" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, July 10, 2001 9:36 PM
Subject: Re: [JBoss-user] <role-link> required?


> First of all, I had a typo in my original message:  I meant to say
> "<role-name>" was required, not "<role-ref>" (no such thing!)
>
> My complete ejb-jar.xml is really long (which is why I was trying to leave
> out the <role-link>s,) but here's a truncated section of it:
>
>                 <entity>
>                         <ejb-name>ETSEvent</ejb-name>
>                         <home>siemens.sea.gts.ets.ejb.event.ETSEventHome</home>
>                         <remote>siemens.sea.gts.ets.ejb.event.ETSEvent</remote>
>                         <ejb-class>siemens.sea.gts.ets.ejb.event.ETSEventBean</ejb-class>
>                         <persistence-type>Container</persistence-type>
>                         <prim-key-class>java.lang.String</prim-key-class>
>                         <reentrant>False</reentrant>
>
> ... truncated CMP fields & EJB refs ...
>
>                         <security-role-ref>
>                                 <description>Allowed to set events w/any parameters</description>
>                                 <role-name>SystemAdministrator</role-name>
>                         </security-role-ref>
>                         <security-role-ref>
>                                 <description>Allowed to set events w/any parameters</description>
>                                 <role-name>TOCOperator</role-name>
>                         </security-role-ref>
>                         <security-role-ref>
>                                 <description>Allowed to set construction events only</description>
>                                 <role-name>Manager_Construction</role-name>
>                         </security-role-ref>
>
> ... truncated remaining role refs ...
>
> Then in a business method of that bean, I was using
> "context.isCallerInRole("SystemAdministrator")" and
> "context.isCallerInRole("TOCOperator")".  These "isCallerInRole" calls
> always failed (I double-checked spelling, re-deployed several times, put a
> bunch of debug statements to show
> "context.getCallerPrincipal().getName()").
>
> As soon as I added "<role-link>SystemAdministrator</role-link>" to the
> security-role-ref, the code behaved correctly for SystemAdministrator
> users.  It was a simple matter to add role-links to the rest of my
> role-refs, but I thought I should mention it.
>
> Should I log a bug?
>
> Thanks,
> Mike
>
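
An added example, not part of either message and not JBoss code: a small Python check over an ejb-jar.xml that reports every security-role-ref with no role-link, the situation described above, and also (a generalization) any role-link that names a role with no matching security-role in the assembly-descriptor. The sample descriptor, the function name check_role_refs and the role name ConstructionManager are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample descriptor (not the poster's file): one linked ref, one ref
# with no role-link, one linked to a role that is never declared.
SAMPLE = """<ejb-jar>
  <enterprise-beans>
    <entity>
      <ejb-name>ETSEvent</ejb-name>
      <security-role-ref>
        <role-name>SystemAdministrator</role-name>
        <role-link>SystemAdministrator</role-link>
      </security-role-ref>
      <security-role-ref>
        <role-name>TOCOperator</role-name>
      </security-role-ref>
      <security-role-ref>
        <role-name>Manager_Construction</role-name>
        <role-link>ConstructionManager</role-link>
      </security-role-ref>
    </entity>
  </enterprise-beans>
  <assembly-descriptor>
    <security-role><role-name>SystemAdministrator</role-name></security-role>
    <security-role><role-name>TOCOperator</role-name></security-role>
  </assembly-descriptor>
</ejb-jar>"""

def check_role_refs(descriptor_xml):
    """Return (ejb-name, role-name, problem) for each unusable security-role-ref."""
    root = ET.fromstring(descriptor_xml)
    # Roles the assembler declared; role-link values must name one of these.
    declared = {(r.findtext("role-name") or "").strip()
                for r in root.findall("assembly-descriptor/security-role")}
    findings = []
    for bean in root.findall("enterprise-beans/*"):  # session and entity beans
        ejb = (bean.findtext("ejb-name") or "?").strip()
        for ref in bean.findall("security-role-ref"):
            name = (ref.findtext("role-name") or "").strip()
            link = (ref.findtext("role-link") or "").strip()
            if not link:
                findings.append((ejb, name, "missing role-link"))
            elif link not in declared:
                findings.append((ejb, name, "role-link not declared: " + link))
    return findings

if __name__ == "__main__":
    for finding in check_role_refs(SAMPLE):
        print(": ".join(finding))
```

Running such a check before deployment surfaces refs for which isCallerInRole would return false regardless of what the login module assigns.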


