geronimo-dev mailing list archives

From: "Vamsavardhana Reddy" <c1vams...@gmail.com>
Subject: How is the default-subject used in EJB security?
Date: Thu, 16 Oct 2008 20:14:54 GMT

I have a stateless bean BankBean1 as given below:

@Stateless
@DeclareRoles(value = {"bank", "customer"})
public class BankBean1 implements Bank {

    @RolesAllowed({"customer", "bank"})
    public Double getBalance(Integer account) {
        return data.get(account);
    }

    @RolesAllowed({"bank"})
    public Double creditAccount(Integer account, Double amt) {
        ...
        return value;
    }

    @RolesAllowed({"bank"})
    public Double debitAccount(Integer account, Double amt) {
        ...
        return value;
    }
}

I have a second stateless bean BankBean2 that has a reference injected to
BankBean1 and uses @RunAs as given below:

@Stateless
@DeclareRoles(value = {"bank", "customer"})
@RunAs(value = "bank")
public class BankBean2 implements Bank2 {

    @EJB
    private Bank bank; // BankBean1 gets injected here.

    public Double getBalance(Integer account) {
        return bank.getBalance(account);
    }

    public Double creditAccount(Integer account, Double amt) {
        return bank.creditAccount(account, amt);
    }

    public Double debitAccount(Integer account, Double amt) {
        return bank.debitAccount(account, amt);
    }
}

In the security mapping in openejb-jar.xml, if I specify a run-as-subject
for "bank" role, BankBean2 is able to invoke BankBean1 as per that
run-as-subject specified.  But if I don't specify a run-as-subject, but only
use a default-subject, BankBean2 is unable to invoke BankBean1 as per the
default-subject specified. I guess the default-subject is being ignored.
This is not the case with run-as-subject and default-subject used in
geronimo-web.xml.  In the absence of run-as-subject I notice that
default-subject is used.  I am wondering how the default-subject is used in
EJB security.

++Vamsi
