In this case, I am calling a Secure Stateless Session Bean from within the 
onMessage method of an MDB.  

The SLSB is in turn calling another secure SLSB.  The second SLSB is calling 
SessionContext.isCallerInRole("Administrator");

So we have 

JMS message 
  |   --> MDB.onMessage 
  |     -->SLSB1.method() 
  |       --> SLSB2.method()
  |         --> SessionContext.isCallerInRole("Administrator");

So the call to isCallerInRole is being done within a call made to other 
resources from within the onMessage method.  isCallerInRole is returning false, 
which is a surprise as the MDB is set to run-as Administrator.  

All of the calls to the SLSB are done via local interfaces.  I was surprised 
that isCallerInRole returned false, as the caller definitely is in the 
Administrator role.  For example, if I have the MDB call a SLSB method with 
only a 

     * @ejb.permission role-name = "Administrator"

the security framework will allow the MDB to make the call.  It's only 
isCallerInRole that does not seem able to determine the role of the calling MDB.

View the original post : 
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3866469#3866469

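As an added example (not part of the original post): the standard EJB 2.x ejb-jar.xml declarations that the call chain described above relies on. The EJB specification expects each role name passed to isCallerInRole to be declared as a security-role-ref on the bean that makes the call, so that entry on SLSB2 is one of the declarations to check. Class names, the use-caller-identity settings and the omitted ejb-local-ref entries are assumptions; the bean names and the role name come from the post.

```xml
<!-- Added example: class names are hypothetical, role name is from the post -->
<ejb-jar>
  <enterprise-beans>
    <message-driven>
      <ejb-name>MDB</ejb-name>
      <ejb-class>example.MDB</ejb-class>
      <transaction-type>Container</transaction-type>
      <!-- An MDB has no caller, so its outgoing calls carry the run-as role -->
      <security-identity>
        <run-as><role-name>Administrator</role-name></run-as>
      </security-identity>
    </message-driven>
    <session>
      <ejb-name>SLSB1</ejb-name>
      <local-home>example.SLSB1LocalHome</local-home>
      <local>example.SLSB1Local</local>
      <ejb-class>example.SLSB1Bean</ejb-class>
      <session-type>Stateless</session-type>
      <transaction-type>Container</transaction-type>
      <!-- Assumed: SLSB1 forwards the identity it was called with to SLSB2 -->
      <security-identity><use-caller-identity/></security-identity>
    </session>
    <session>
      <ejb-name>SLSB2</ejb-name>
      <local-home>example.SLSB2LocalHome</local-home>
      <local>example.SLSB2Local</local>
      <ejb-class>example.SLSB2Bean</ejb-class>
      <session-type>Stateless</session-type>
      <transaction-type>Container</transaction-type>
      <!-- Declares the name used in isCallerInRole("Administrator") in this
           bean's code and links it to the security-role defined below -->
      <security-role-ref>
        <role-name>Administrator</role-name>
        <role-link>Administrator</role-link>
      </security-role-ref>
      <security-identity><use-caller-identity/></security-identity>
    </session>
  </enterprise-beans>
  <assembly-descriptor>
    <security-role><role-name>Administrator</role-name></security-role>
    <!-- Declarative check, the descriptor form of @ejb.permission -->
    <method-permission>
      <role-name>Administrator</role-name>
      <method><ejb-name>SLSB1</ejb-name><method-name>*</method-name></method>
      <method><ejb-name>SLSB2</ejb-name><method-name>*</method-name></method>
    </method-permission>
  </assembly-descriptor>
</ejb-jar>
```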