On Feb 19, 2007, at 9:24 PM, Aman Nanner/MxI Technologies wrote:
I checked out the MDB interceptor stack and I do see that the
EjbRunAsInterceptor is missing. In order for me to add it and test it out,
I'd need to rebuild the openejb-2.2 project. I have this checked out but
am having difficulty building it. Is there an article out there for
building openejb-2.2? The main page at the openejb.org site has
instructions on how to build openejb3, but not version 2. I did a bit of
searching but couldn't find it...
You should have checked out
https://svn.apache.org/repos/asf/incubator/openejb/trunk/openejb2
This project builds with maven 2.0.5, and running
mvn
ought to work (after enough tries).
What problems are you seeing?
thanks
david jencks
Thanks,
Aman
David Jencks <[EMAIL PROTECTED]> wrote on 02-19-2007 01:50:24 PM:
It looks to me as if the mdb interceptor stack is missing the
EJBRunAsInterceptor which would mean that run-as wouldn't work. I'm
also not seeing how any Subject such as the default subject is set
for an mdb call. So I think there's a bug (would rather check the
spec to make sure it's supposed to work before definitely declaring a
bug). Since you can't import security with an mdb from the inbound
message I'd think you could get almost the same result by making the
default subject for the mdb call your run-as subject, and this might
work, but I can't figure out if or how that's being set.
If you would like to experiment you might compare the ejb containers
and modify the mdb one to include the EJBRunAsInterceptor at a likely
spot and see if it works.
thanks
david jencks
On Feb 19, 2007, at 9:10 AM, Aman Nanner/MxI Technologies wrote:
Hi,
On Geronimo 1.2-beta, I'm running into a problem where a message-driven
bean that I have is unable to access a stateless session EJB that I have,
due to method permission restrictions. This MDB is configured with a
"run-as" subject in the ejb-jar.xml which is supposed to allow it to access
this restricted EJB. I have the MDB configured similar to the following:
----
<message-driven>
  <display-name>TestMDB</display-name>
  <ejb-name>TestMDB</ejb-name>
  <ejb-class>com.acme.ejb.TestMDB</ejb-class>
  <transaction-type>Bean</transaction-type>
  <message-destination-type>javax.jms.Topic</message-destination-type>
  <activation-config>
    <activation-config-property>
      <activation-config-property-name>acknowledgeMode</activation-config-property-name>
      <activation-config-property-value>Auto-acknowledge</activation-config-property-value>
    </activation-config-property>
    <activation-config-property>
      <activation-config-property-name>messageSelector</activation-config-property-name>
      <activation-config-property-value>JOB_CODE = 'FOO'</activation-config-property-value>
    </activation-config-property>
    <activation-config-property>
      <activation-config-property-name>subscriptionDurability</activation-config-property-name>
      <activation-config-property-value>NonDurable</activation-config-property-value>
    </activation-config-property>
  </activation-config>
  <ejb-ref>
    <ejb-ref-name>ejb/common/TestEJB</ejb-ref-name>
    <ejb-ref-type>Session</ejb-ref-type>
    <home>com.acme.ejb.TestHome</home>
    <remote>com.acme.ejb.TestRemote</remote>
    <ejb-link>TestEJB</ejb-link>
  </ejb-ref>
  <security-identity>
    <run-as>
      <role-name>TESTROLE</role-name>
    </run-as>
  </security-identity>
</message-driven>
----
Can anybody confirm if the "run-as" functionality for MDBs works as it's
supposed to in Geronimo 1.2-beta? Am I supposed to make a further
configuration to one of the geronimo or openejb descriptors, in addition to
the ejb-jar.xml?
Through some debugging in Eclipse, I've found that the "run-as" subject
does get loaded into the MDB Deployment Context as described, but I haven't
confirmed if it actually gets set as the Subject for the context.
Thanks,
Aman
______________________________________________________________________
* This message is intended only for the use of the individual or
entity to which it is addressed, and may contain information that
is privileged, confidential and exempt from disclosure under
applicable law. Unless you are the addressee (or authorized to
receive for the addressee), you may not use, copy or disclose the
message or any information contained in the message. If you have
received this message in error, please advise the sender by reply
e-mail, and delete the message, or call (collect) 001 613 747 4698. *