I will asap :-)
Another issue, perhaps.
I've updated my sample project
I've added a "border layer" between jsf managed beans and ejb layer
Maybe this is a little odd scenario, but anyhow.
topology (I've skipped the debug statements):
RequestScoped Bean -> Bordercontroller EJB -> BusinessBean EJB
RequestScopedBean:
@Named
@RequestScoped
public class ViewController {
@EJB private BorderController borderController;
public void action(ActionEvent event){
borderController.sayHelloBorder();
}
}
BorderControllerBean:
@Stateless
@RunAs("InternalGroup")
@DeclareRoles({"InternalGroup","SuperAdmin"})
public class BorderControl {
@EJB
private BusinessBean businessBean;
@Resource
private SessionContext sessionContext;
@RolesAllowed("SuperAdmin")
public void sayHelloBorder() {
businessBean.sayHello();
}
}
BusinessBean;
@Stateless
@DeclareRoles({"InternalGroup", "SuperAdmin"})
public class BusinessBean {
@Resource
SessionContext sessionContext;
@RolesAllowed("InternalGroup")
public void sayHello() {
}
}
In TomEE Access to the borderController is denied:
ViewController Start
ViewController: User is in SuperAdmin
ViewController: Calling BorderController. Principal Name: admin
In Glassfish:
INFO: ViewController Start
INFO: ViewController: User is in SuperAdmin
INFO: ViewController: Calling BorderController. Principal Name: admin
INFO: BorderControl:Start
INFO: BorderControl: User is in SuperAdmin
INFO: BorderControl:Calling Businessbean. Principal Name: admin
INFO: BusinessBean Start
INFO: BusinessBean: User is in InternalGroup
INFO: BusinessBean: Hello: internal-user
br,
hw
--
View this message in context:
http://openejb.979440.n4.nabble.com/Tomee-and-security-role-mapping-tp4663567p4663639.html
Sent from the OpenEJB User mailing list archive at Nabble.com.
