| From | Sent On | Attachments |
|---|---|---|
| for...@java.net | Mar 16, 2011 5:31 am | |
| for...@java.net | Mar 16, 2011 5:45 am | |
| Kumar.Jayanti | Mar 16, 2011 6:53 am | |
| for...@java.net | Mar 16, 2011 9:05 am | |
| for...@java.net | Mar 16, 2011 12:23 pm | |
| for...@java.net | Mar 17, 2011 6:03 am | |
| for...@java.net | Mar 18, 2011 6:28 am | |
| for...@java.net | Mar 18, 2011 1:52 pm | |
| for...@java.net | Mar 18, 2011 4:12 pm | |
| for...@java.net | Mar 18, 2011 4:52 pm | |

| Subject: | Re: Security Identity Propogation for Servlet with @RunAs | |
|---|---|---|
| From: | Kumar.Jayanti (Vbku...@Sun.COM) | |
| Date: | Mar 16, 2011 6:53:30 am | |
| List: | net.java.dev.glassfish.users | |
On 16/03/11 6:02 PM, for...@java.net wrote:
> On Glassfish 3.1 b43.
> I have two applications, an EAR with EJB modules, and a separate WAR module.
> When setting up security, both the EAR and the WAR use the same realm. Authenticated User subjects are propagated from the WAR to the EAR as expected. In an EJB, I can access the caller principal and check is caller in role.
> Now I am trying to write some system code for startup in the WAR. I write a Servlet and annotate it with @RunAs("System") with hopes the code in the init() method

Did you mean the init() method of the servlet here? I will need to check with the Spec people if this is a Bug. From the Servlet 3.0 spec and JSR 250 spec it is not very clear if this should have worked. Although by common sense since you placed the annotation on the class it should probably apply to init().
Will check and get back.
regards, kumar

> will propagate as a System Role to the EJBs. I would think all I would have to do is declare the security role in the web.xml, and declare a mapping to a group in the sun specific, so I put in web.xml:
>
> <security-role>
>   <description/>
>   <role-name>System</role-name>
> </security-role>
>
> and add to sun-web.xml:
>
> <security-role-mapping>
>   <role-name>System</role-name>
>   <principal-name>systemuser</principal-name>
> </security-role-mapping>
> <servlet>
>   <servlet-name>StartupServlet</servlet-name>
>   <principal-name>systemuser</principal-name>
> </servlet>
>
> as explained here http://java.sun.com/developer/technicalArticles/J2EE/security_annotation/
> This deploys, but does not propagate the identity I configured here. It propagates ANONYMOUS.
> *Are there other glassfish configs I need to make this work?*
> I've tried adding the System group and systemuser to the database, but that did nothing.
> --
> [Message sent by forum member 'joelstewart']
> View Post: http://forums.java.net/node/782089
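
A diagnostic probe for the question raised in this message, added here as an example and not code from the poster or the GlassFish project: it logs the identity an EJB sees when called from the servlet's init() and again from doGet(), so the two can be compared. `WhoAmIBean`, `describeCaller` and the `/whoami` URL are hypothetical names, and the sketch assumes Java EE 6 (`javax.*`) with the bean packaged where the servlet can inject it, unlike the separate EAR described in the post.

```java
// ---- WhoAmIBean.java (hypothetical probe EJB, not from the original post) ----
import javax.annotation.Resource;
import javax.annotation.security.DeclareRoles;
import javax.annotation.security.PermitAll;
import javax.ejb.LocalBean;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;

@Stateless
@LocalBean
@DeclareRoles("System")   // the role must be declared before isCallerInRole() may test it
@PermitAll                // admit any caller so the probe can report what it sees
public class WhoAmIBean {
    @Resource
    private SessionContext ctx;

    public String describeCaller() {
        return "principal=" + ctx.getCallerPrincipal().getName()
             + " inSystemRole=" + ctx.isCallerInRole("System");
    }
}

// ---- StartupServlet.java ----
import java.io.IOException;
import javax.annotation.security.RunAs;
import javax.ejb.EJB;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// name matches the <servlet-name> used in the sun-web.xml quoted in the post
@WebServlet(name = "StartupServlet", urlPatterns = "/whoami", loadOnStartup = 1)
@RunAs("System")
public class StartupServlet extends HttpServlet {
    @EJB
    private WhoAmIBean whoAmI;

    @Override
    public void init() throws ServletException {
        // container-initiated call: the case the reply above is unsure about
        log("init(): " + whoAmI.describeCaller());
    }

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        // request-time call, to compare with the init() line in the server log
        resp.setContentType("text/plain");
        resp.getWriter().println("doGet(): " + whoAmI.describeCaller());
    }
}
```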





