How can I set security roles and map them to EJB methods?
I tried to run-as an EJB Session Stateless method as the 'common_user' role. Here is the DD snippet:
<session id="pr.PrincipalBean">
  <ejb-name>Principal</ejb-name>
  <home>pr.PrincipalHome</home>
  <remote>pr.Principal</remote>
  <ejb-class>pr.PrincipalBean</ejb-class>
  <session-type>Stateful</session-type>
  <transaction-type>Container</transaction-type>
  <security-identity>
    <description></description>
    <run-as>
      <description></description>
      <role-name>common_user</role-name>
    </run-as>
  </security-identity>
</session>
Roles are defined as follows:
<assembly-descriptor>
  <security-role>
    <role-name>supervisor</role-name>
  </security-role>
  <security-role>
    <role-name>common_user</role-name>
  </security-role>
</assembly-descriptor>
When I call a (remote) method of the 'Principal' stateful EJB, I try to execute the following instructions at the beginning of the called method:
System.out.println(this.mySessionCtx.getCallerPrincipal().getName());
System.out.println("is caller common_user?: " + this.mySessionCtx.isCallerInRole("common_user"));
but the WebSphere console output is always:
SysOut: UNAUTHORIZED
SysOut: is caller common_user?: false
Whyyyyyyyyyyyyy?
I'm experiencing this on IBM Rational Developer Studio 6, Windows 2000 Pro, WebSphere AppServer 6.0 Test Environment.
Who could help me?
ciroBorrelli (c.borrelli@info92.it)